Recently I stumbled upon malware sample which was part of Grey Energy malware campaign targeting Ukraine energy infrastructure. I ran the hash of the file on virutotal and many of the antiviruses tagged it Grey Energy and I tried to do a little more internet research but didn’t find and analysis on it. As there was no post on this sample so I decided to write one.
In the post you will learn the following:
- How to debug Windows Service Application DLL
- Learn how to use a EBFE debugging technique
- Unpacking a DLL binary
- How to dump an unpacked in-memory executable
File hash : 15a6f734ca79efc027000dd12f4d3870ccc9f604517b0e700c05b961659308d1