in icedid/peloader/icedid_peloader.py [0:0]
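def parse_config(self, raw_config_blob: bytes) -> dict:
    """Parse a raw loader config blob into a config dictionary.

    The blob is split on NUL bytes and empty fields are dropped. The first
    remaining field is treated as a header: bytes 0-4 are the project id and
    bytes 4-8 the loader version, both reported hex-encoded. Every field
    after the header except the last is passed through
    ``self.strip_non_ascii``; a value containing ``"/"`` is stored as
    ``conf["uri"]``, anything else is appended to ``conf["domains"]``.

    The blob comes out of a sample, so every value in it is
    attacker-controlled: the parser makes no assumption about field count
    and never records an empty string as an indicator.

    Args:
        raw_config_blob: Config bytes with NUL-separated fields.

    Returns:
        A dict with ``"family"``, a ``self.family`` sub-dict holding
        ``"loader_version"`` and ``"project_id"``, and, when present in the
        blob, ``"uri"`` and ``"domains"``.

    Raises:
        IndexError: If the blob contains no non-empty field.
    """
    fields = [chunk for chunk in raw_config_blob.split(b"\x00") if chunk]
    if not fields:
        # The original failed here with a bare "list index out of range";
        # the exception type is kept so existing handlers keep working.
        raise IndexError("config blob contains no non-empty NUL-separated fields")

    # NOTE(review): the header is read *after* splitting on NUL. If either
    # 4-byte value contains a 0x00 byte, the first field is shorter than
    # 8 bytes and the slices below come back truncated. Confirm against
    # known samples before trusting these two values.
    header = fields[0]
    project_id = header[0:4]
    loader_version = header[4:8]

    conf = {}
    # The final field is skipped, as in the original ([1:-1]); presumably it
    # is trailing non-config data. TODO confirm.
    for raw_value in fields[1:-1]:
        ascii_str = self.strip_non_ascii(raw_value)
        if not ascii_str:
            # A field with nothing left after stripping is noise, not a
            # domain; recording it would put an empty IoC in the output.
            continue
        if "/" in ascii_str:
            # Only one URI is kept: a later match overwrites an earlier one.
            conf["uri"] = ascii_str
        else:
            conf.setdefault("domains", []).append(ascii_str)

    conf["family"] = self.family
    conf[self.family] = {
        "loader_version": malduck.enhex(loader_version).decode("utf-8"),
        "project_id": malduck.enhex(project_id).decode("utf-8"),
    }
    return conf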