The configuration of a malware sample defines how the malware behaves. Automatically extracting the configuration brings many benefits to defenders.
- Malware configurations contain the highest fidelity IOCs that are possible to automatically generate.
- The configuration often completely describes the malware’s behavior.
- Extracted malware configurations provide extremely high-confidence malware family classification.
- Extracting malware configurations at scale can reveal connections among samples, and a deeper insight about a malware family and its development.