Omcloader

OMCLoader is a type of malware, malicious software designed to exploit and damage computer systems by infiltrating them through suspicious downloads, emails, or websites. This harmful program can steal personal information, disrupt operations, or hold data for ransom once it has infected a system. OMCLoader uses Advanced Encryption Standard (AES) to decrypt its payload, a method that allows it to conceal its activities and make detection more difficult. The code of OMCLoader includes components which base64 decode and AES decrypt a payload, adding another layer of complexity to its operation. In February 2023, a new malware named PikaBot emerged, which showed significant code overlap with later variants of OMCLoader. Both OMCLoader and the PikaBot loader share structural similarities as well as code commonalities in some anti-debug checks and process injection code. This suggests a possible connection or shared origin between these two types of malware, increasing the potential threat landscape. The AES key used by PikaBot also has a similar format to that used by OMCLoader, further indicating their close relation. The malware OMCLoader may also be known under another name, SharpDepositorCrypter. There is an ongoing effort to track the earlier RC4-based samples under this name, while the AES-based versions are tracked under the name OMCLoader. This double naming indicates the evolution of the malware over time, with changes in encryption methods marking different stages of its development. This tracking helps in understanding the malware's evolution and devising effective countermeasures against it.