Emdivi

Description

(Kaspersky) The Emdivi family stores important data about itself, including C2 addresses, API names, strings used for anti-analysis, mutex values, the MD5 checksums of backdoor commands, and the internal proxy information. These are stored in encrypted form and are decrypted when necessary. Therefore, to analyze an Emdivi sample in detail, we need to locate which hex codes are encrypted and how to decrypt them. In the process of decryption, a unique decryption key is required for each sample.

Names

  • Emdivi
  • Newsripper

Category

Malware

Type

  • Backdoor

Information

Malpedia

AlienVault OTX

Other Information

UUID

bdd9c8ab-168e-4a3f-a35a-3dd670a9bd02

Last Card Change

2020-05-13