This document discusses extracting malware configuration data from memory dumps. It introduces MalConfScan, a Volatility plugin that extracts the configuration data of known malware from memory images and supports many malware families. Working from memory with Volatility avoids the need to unpack the malware. The document also covers MalConfScan-with-Cuckoo, which automates configuration extraction by running the malware in Cuckoo Sandbox and analyzing the resulting memory dump with MalConfScan. Finally, it discusses bypassing the anti-analysis techniques that malware uses to evade detection.