Posted Updated Malware Analysis14 minutes read (About 2137 words)

Unpacking Grey Energy malware (Service Application DLL)

Recently I stumbled upon malware sample which was part of Grey Energy malware campaign targeting Ukraine energy infrastructure. I ran the hash of the file on virutotal and many of the antiviruses tagged it Grey Energy and I tried to do a little more internet research but didn’t find and analysis on it. As there was no post on this sample so I decided to write one.
In the post you will learn the following:

  1. How to debug Windows Service Application DLL
  2. Learn how to use a EBFE debugging technique
  3. Unpacking a DLL binary
  4. How to dump an unpacked in-memory executable

File hash : 15a6f734ca79efc027000dd12f4d3870ccc9f604517b0e700c05b961659308d1

Read more
Follow

Categories

Tags

ACS7121
Arduino5
Bare-Metal1
CTF14
Chat Bots2
Classification1
Data Wrangling3
Dev1
Dropper1
ESP82662
Editor1
Emacs1
Exploitation2
GandCrab1
Grey Energy1
Heap Exploitation4
Kernel Debugging1
Linux16
Linux Malware3
Malware Analysis3
Python5
ROP1
Regression1
Reverse Engineering1
Visualization1
WarGames5
Windows Malware3
Windows Reversing1
glibc1
javascript obfuscation1
pwnable13
pwnable-kr7
pwnable-tw6
radare24

Recents

Archives

Your browser is out-of-date!

Update your browser to view this website correctly.&npsb;Update my browser now

×

×