├── AgentTesla
│   ├── AgentTesla_config_extractor.py
│   ├── README.md
│   ├── agenttesla_configs.txt
│   ├── dnlib.dll
│   └── requirements.txt
├── AllCome
│   ├── README.md
│   ├── allcome_extractor.py
│   ├── extracted_allcome_configs.txt
│   └── requirements.txt
├── BadSpace
│   └── badspace_idapython_string_decrypter.py
├── BeamNG Mod
│   └── Ghidra_BeamNGDLLResolveApiHashes.py
├── BrowserFixer
│   ├── BFInstaller_log_decrypter.py
│   ├── BF_String_Decryptor.sln
│   ├── BF_String_Decryptor
│   │   ├── App.config
│   │   ├── BF_String_Decryptor.csproj
│   │   ├── BF_String_Decryptor.csproj.user
│   │   ├── FodyWeavers.xml
│   │   ├── FodyWeavers.xsd
│   │   ├── Program.cs
│   │   ├── Properties
│   │   │   └── AssemblyInfo.cs
│   │   ├── myhegebatlogo_white.ico
│   │   └── packages.config
│   └── README.md
├── CobaltStrike
│   ├── README.md
│   ├── ghidra_cobaltstrike_resolve_api_hashes_by_comments.py
│   ├── ghidra_cobaltstrike_resolve_api_hashes_by_createrefs.py
│   └── python3_cobaltstrike_api_resolve.py
├── Dave
│   ├── README.md
│   ├── dave_after.png
│   ├── dave_before.png
│   └── deNOPfuscator.py
├── ECMAScript helpers
│   ├── README.md
│   ├── extract_called_functions.js
│   └── rename_identifiers.js
├── EvilConwi
│   └── dump_evilconwi_config.py
├── LimeRAT
│   ├── README.md
│   ├── limerat_config_extractor.py
│   ├── limerat_configs.txt
│   └── requirements.txt
├── LummaStealer
│   ├── Ghidra_LummaResolveMurmur2ApiHashes.py
│   └── README.md
├── NightHawk
│   ├── README.md
│   └── nighthawk_str_decoder.py
├── Nuitka
│   ├── nuitka_extractor.py
│   └── requirements.txt
├── PEUnion
│   └── pe_union_speakeasy_unpacker.py
├── PrivateLoader
│   └── private_loader_ida_disassembler_api_resolver.py
├── Python helper scripts
│   ├── README.md
│   └── extract_export_symbols.py
├── Qakbot
│   ├── README.md
│   ├── qbot_configs.txt
│   ├── qbot_extractor.py
│   ├── requirements.txt
│   └── screenshot_output.png
├── README.md
├── RokRAT
│   ├── Ghidra_RokRat_ResolveApiHashes.py
│   └── python3_rokrat_api_resolve.py
├── Shellcode2PE
│   ├── README.md
│   └── shellcode_to_pe.py
├── Virut
│   ├── Ghidra_Virut_ResolveApiHashes.py
│   ├── Readme.md
│   └── python3_virut_resolve_api_hashes.py
├── XWormRAT
│   ├── README.md
│   ├── requirements.txt
│   └── xwormrat_extractor.py
├── ghidra_scripts
│   ├── PropagateExternalParametersX64.java
│   ├── README.md
│   └── move_callers_to_malware_namespace.py
└── gootloader
    ├── .gitignore
    ├── README.md
    ├── c2list.txt
    ├── gootloader_decoded_c2layer.png
    ├── gootloader_decoder.js
    ├── gootloader_decoder_output.png
    └── package.json

/AgentTesla/AgentTesla_config_extractor.py:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/AgentTesla/AgentTesla_config_extractor.py

/AgentTesla/README.md:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/AgentTesla/README.md

/AgentTesla/agenttesla_configs.txt:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/AgentTesla/agenttesla_configs.txt

/AgentTesla/dnlib.dll:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/AgentTesla/dnlib.dll

/AgentTesla/requirements.txt:
pythonnet>=3.0.3

/AllCome/README.md:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/AllCome/README.md

/AllCome/allcome_extractor.py:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/AllCome/allcome_extractor.py

/AllCome/extracted_allcome_configs.txt:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/AllCome/extracted_allcome_configs.txt

/AllCome/requirements.txt:
pefile>=2023.2.7

/BadSpace/badspace_idapython_string_decrypter.py:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/BadSpace/badspace_idapython_string_decrypter.py

/BeamNG Mod/Ghidra_BeamNGDLLResolveApiHashes.py:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/BeamNG Mod/Ghidra_BeamNGDLLResolveApiHashes.py

/BrowserFixer/BFInstaller_log_decrypter.py:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/BrowserFixer/BFInstaller_log_decrypter.py

/BrowserFixer/BF_String_Decryptor.sln:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/BrowserFixer/BF_String_Decryptor.sln

/BrowserFixer/BF_String_Decryptor/App.config:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/BrowserFixer/BF_String_Decryptor/App.config

/BrowserFixer/BF_String_Decryptor/BF_String_Decryptor.csproj:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/BrowserFixer/BF_String_Decryptor/BF_String_Decryptor.csproj

/BrowserFixer/BF_String_Decryptor/BF_String_Decryptor.csproj.user:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/BrowserFixer/BF_String_Decryptor/BF_String_Decryptor.csproj.user

/BrowserFixer/BF_String_Decryptor/FodyWeavers.xml:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/BrowserFixer/BF_String_Decryptor/FodyWeavers.xml

/BrowserFixer/BF_String_Decryptor/FodyWeavers.xsd:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/BrowserFixer/BF_String_Decryptor/FodyWeavers.xsd

/BrowserFixer/BF_String_Decryptor/Program.cs:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/BrowserFixer/BF_String_Decryptor/Program.cs

/BrowserFixer/BF_String_Decryptor/Properties/AssemblyInfo.cs:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/BrowserFixer/BF_String_Decryptor/Properties/AssemblyInfo.cs

/BrowserFixer/BF_String_Decryptor/myhegebatlogo_white.ico:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/BrowserFixer/BF_String_Decryptor/myhegebatlogo_white.ico

/BrowserFixer/BF_String_Decryptor/packages.config:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/BrowserFixer/BF_String_Decryptor/packages.config

/BrowserFixer/README.md:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/BrowserFixer/README.md

/CobaltStrike/README.md:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/CobaltStrike/README.md

/CobaltStrike/ghidra_cobaltstrike_resolve_api_hashes_by_comments.py:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/CobaltStrike/ghidra_cobaltstrike_resolve_api_hashes_by_comments.py

/CobaltStrike/ghidra_cobaltstrike_resolve_api_hashes_by_createrefs.py:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/CobaltStrike/ghidra_cobaltstrike_resolve_api_hashes_by_createrefs.py

/CobaltStrike/python3_cobaltstrike_api_resolve.py:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/CobaltStrike/python3_cobaltstrike_api_resolve.py

/Dave/README.md:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/Dave/README.md

/Dave/dave_after.png:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/Dave/dave_after.png

/Dave/dave_before.png:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/Dave/dave_before.png

/Dave/deNOPfuscator.py:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/Dave/deNOPfuscator.py

/ECMAScript helpers/README.md:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/ECMAScript helpers/README.md

/ECMAScript helpers/extract_called_functions.js:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/ECMAScript helpers/extract_called_functions.js

/ECMAScript helpers/rename_identifiers.js:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/ECMAScript helpers/rename_identifiers.js

/EvilConwi/dump_evilconwi_config.py:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/EvilConwi/dump_evilconwi_config.py

/LimeRAT/README.md:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/LimeRAT/README.md

/LimeRAT/limerat_config_extractor.py:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/LimeRAT/limerat_config_extractor.py

/LimeRAT/limerat_configs.txt:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/LimeRAT/limerat_configs.txt

/LimeRAT/requirements.txt:
pythonnet>=3.0.3

/LummaStealer/Ghidra_LummaResolveMurmur2ApiHashes.py:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/LummaStealer/Ghidra_LummaResolveMurmur2ApiHashes.py

/LummaStealer/README.md:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/LummaStealer/README.md

/NightHawk/README.md:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/NightHawk/README.md

/NightHawk/nighthawk_str_decoder.py:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/NightHawk/nighthawk_str_decoder.py

/Nuitka/nuitka_extractor.py:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/Nuitka/nuitka_extractor.py

/Nuitka/requirements.txt:
pefile
pyzstd

/PEUnion/pe_union_speakeasy_unpacker.py:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/PEUnion/pe_union_speakeasy_unpacker.py

/PrivateLoader/private_loader_ida_disassembler_api_resolver.py:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/PrivateLoader/private_loader_ida_disassembler_api_resolver.py

/Python helper scripts/README.md:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/Python helper scripts/README.md

/Python helper scripts/extract_export_symbols.py:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/Python helper scripts/extract_export_symbols.py

/Qakbot/README.md:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/Qakbot/README.md

/Qakbot/qbot_configs.txt:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/Qakbot/qbot_configs.txt

/Qakbot/qbot_extractor.py:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/Qakbot/qbot_extractor.py

/Qakbot/requirements.txt:
pefile>=2023.2.7

/Qakbot/screenshot_output.png:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/Qakbot/screenshot_output.png

/README.md:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/README.md

/RokRAT/Ghidra_RokRat_ResolveApiHashes.py:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/RokRAT/Ghidra_RokRat_ResolveApiHashes.py

/RokRAT/python3_rokrat_api_resolve.py:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/RokRAT/python3_rokrat_api_resolve.py

/Shellcode2PE/README.md:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/Shellcode2PE/README.md

/Shellcode2PE/shellcode_to_pe.py:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/Shellcode2PE/shellcode_to_pe.py

/Virut/Ghidra_Virut_ResolveApiHashes.py:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/Virut/Ghidra_Virut_ResolveApiHashes.py

/Virut/Readme.md:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/Virut/Readme.md

/Virut/python3_virut_resolve_api_hashes.py:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/Virut/python3_virut_resolve_api_hashes.py

/XWormRAT/README.md:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/XWormRAT/README.md

/XWormRAT/requirements.txt:
pythonnet>=3.0.3

/XWormRAT/xwormrat_extractor.py:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/XWormRAT/xwormrat_extractor.py

/ghidra_scripts/PropagateExternalParametersX64.java:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/ghidra_scripts/PropagateExternalParametersX64.java

/ghidra_scripts/README.md:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/ghidra_scripts/README.md

/ghidra_scripts/move_callers_to_malware_namespace.py:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/ghidra_scripts/move_callers_to_malware_namespace.py

/gootloader/.gitignore:
node_modules/
.vscode

/gootloader/README.md:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/gootloader/README.md

/gootloader/c2list.txt:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/gootloader/c2list.txt

/gootloader/gootloader_decoded_c2layer.png:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/gootloader/gootloader_decoded_c2layer.png

/gootloader/gootloader_decoder.js:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/gootloader/gootloader_decoder.js

/gootloader/gootloader_decoder_output.png:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/gootloader/gootloader_decoder_output.png

/gootloader/package.json:
https://raw.githubusercontent.com/struppigel/hedgehog-tools/HEAD/gootloader/package.json