Posted Malware Analysis

Unpacking Grey Energy malware (Service Application DLL)

Recently I stumbled upon malware sample which was part of Grey Energy malware campaign targeting Ukraine energy infrastructure. I ran the hash of the file on virutotal and many of the antiviruses tagged it Grey Energy and I tried to do a little more internet research but didn’t find and analysis on it. As there was no post on this sample so I decided to write one.
In the post you will learn the following:

  1. How to debug Windows Service Application DLL
  2. Learn how to use a EBFE debugging technique
  3. Unpacking a DLL binary
  4. How to dump an unpacked in-memory executable

File hash : 15a6f734ca79efc027000dd12f4d3870ccc9f604517b0e700c05b961659308d1

Read more
Follow

Categories

Archives

Recents

Tags

ACS7121
ARM Reversing1
Arduino5
Bare-Metal1
CTF14
Chat Bots2
Classification1
Data Analysis2
Data Wrangling3
Dev1
Dropper1
ESP82662
Editor1
Emacs1
Exploitation2
GandCrab1
Grey Energy1
Heap Exploitation4
IoT6
Kernel Debugging1
Linux17
Linux Malware3
Machine Learning2
Malware Analysis3
NLP1
Python5
RISC-V1
RISC-V-Shellcode1
ROP1
Regression1
Reverse Engineering2
Shellcode2
Tracing1
Visualization1
WarGames5
Windows Malware3
Windows Reversing1
glibc1
javascript obfuscation1
pwnable13
pwnable-kr7
pwnable-tw6
radare24
Your browser is out-of-date!

Update your browser to view this website correctly.&npsb;Update my browser now

×

×