OMCLoader

Malware Profile Updated 2 months ago
OMCLoader is a malware loader: a first-stage executable whose job is to unpack an embedded payload and run it on the infected host. What distinguishes it is the unpacking routine. The loader's code includes components that base64-decode and then AES-decrypt (Advanced Encryption Standard) the payload, so the payload never sits in the binary in a form that static signatures can match directly; each layer of the wrapping has to be reversed before the payload can be examined.

In February 2023 a new malware named PikaBot emerged whose loader shows significant code overlap with later OMCLoader variants. The two share the same overall structure as well as code in some of the anti-debug checks and in the process injection code, and the AES key used by PikaBot has a format similar to the one OMCLoader uses. Taken together, these overlaps suggest a possible connection or a shared origin between the two families rather than a coincidental resemblance.

OMCLoader is also known under the name SharpDepositorCrypter. The earlier, RC4-based samples are tracked as SharpDepositorCrypter, while the AES-based samples are tracked as OMCLoader. The two names therefore mark stages of a single family, with the change of cipher as the dividing line, not two unrelated pieces of malware. Keeping both names in view matters when reconciling vendor reports and when writing detections: a rule that keys on the RC4 unpacking stage should not be expected to match the AES-based samples.
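The two unpacking stages described above, as an added example in Go that is not code from this page or from the IBM article it cites: one function reverses the earlier base64-then-RC4 wrapping attributed to SharpDepositorCrypter, another reverses the later base64-then-AES wrapping attributed to OMCLoader, and a cheap MZ-header check tells a wrong key apart from a right one. The page gives no cipher mode, IV handling, padding scheme or key, so AES-CBC with the IV prepended to the ciphertext, PKCS#7 padding, the 16-byte key and the sample payload are all constructed assumptions of this example; the wrapRC4 and wrapAES helpers exist only to build those sample blobs inline.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rc4"
	"encoding/base64"
	"errors"
	"fmt"
)

// rc4XOR applies the RC4 keystream of the earlier stage; encrypt and decrypt coincide.
func rc4XOR(key, data []byte) ([]byte, error) {
	c, err := rc4.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	c.XORKeyStream(out, data)
	return out, nil
}

// pkcs7Unpad strips PKCS#7 padding (assumed for the AES stage) and rejects malformed padding.
func pkcs7Unpad(b []byte) ([]byte, error) {
	if len(b) == 0 || len(b)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext is not block aligned")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad PKCS#7 padding")
	}
	return b[:len(b)-n], nil
}

// UnpackRC4 reverses the earlier wrapping: base64-decode, then RC4.
func UnpackRC4(key []byte, blobB64 string) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(blobB64)
	if err != nil {
		return nil, err
	}
	return rc4XOR(key, raw)
}

// UnpackAES reverses the later wrapping: base64-decode, then AES. CBC mode with
// the 16-byte IV prepended to the ciphertext is an assumption of this example.
func UnpackAES(key []byte, blobB64 string) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(blobB64)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(raw) < 2*aes.BlockSize || len(raw)%aes.BlockSize != 0 {
		return nil, errors.New("AES blob too short or misaligned")
	}
	iv, ct := raw[:aes.BlockSize], raw[aes.BlockSize:]
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(ct, ct) // in-place decrypt
	return pkcs7Unpad(ct)
}

// LooksLikePE is the cheap post-decryption sanity check: the right key yields
// an MZ header, a wrong key yields noise or a padding error.
func LooksLikePE(b []byte) bool {
	return len(b) >= 2 && b[0] == 'M' && b[1] == 'Z'
}

// wrapRC4 and wrapAES invert the unpackers. They exist only to build the
// constructed sample blobs used below; nothing here is taken from the malware.
func wrapRC4(key, plain []byte) (string, error) {
	ct, err := rc4XOR(key, plain)
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(ct), nil
}

func wrapAES(key, iv, plain []byte) (string, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(iv) != aes.BlockSize {
		return "", errors.New("bad AES key or IV")
	}
	pad := aes.BlockSize - len(plain)%aes.BlockSize
	padded := append(append([]byte{}, plain...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	return base64.StdEncoding.EncodeToString(append(append([]byte{}, iv...), ct...)), nil
}

func main() {
	plain := []byte("MZ\x90\x00 constructed stand-in for an embedded PE image")
	key := []byte("0123456789abcdef") // assumed 16-byte key, not a real one
	blob, _ := wrapAES(key, bytes.Repeat([]byte{0x11}, aes.BlockSize), plain)
	got, err := UnpackAES(key, blob)
	fmt.Printf("right key: err=%v pe=%v\n", err, LooksLikePE(got))
	got, err = UnpackAES([]byte("fedcba9876543210"), blob)
	fmt.Printf("wrong key: err=%v pe=%v\n", err, LooksLikePE(got))
}
```

Against a real sample the blob and key would be carved from the loader's strings or resources, and the assumptions about mode, IV placement and padding would have to be confirmed in the disassembly before trusting the output. The MZ check is there because with CBC a wrong key fails loudly, as a padding error or a non-PE header, instead of silently producing bytes that look plausible; an unpacker that skips that check is easy to fool with a partially correct key.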
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Sharpdepositorcrypter (1 vote): SharpDepositorCrypter, also known as OMCLoader, is a form of malware that was primarily utilized by the BlackBasta ransomware group during most of 2022. The malware originated as a loader for a .NET infostealer named SharpDepositor, which may explain its name found in PDB strings of early samples. H
Pikabot (1 vote): PikaBot is a harmful malware that emerged in 2023, designed to exploit and damage computer systems. It infiltrates systems through dubious downloads, emails, or websites, often undetected by the user. Once inside a system, PikaBot can pilfer personal information, disrupt operations, or even ransom d
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Tags: Payload, Malware, Loader
Associated Malware: no associations to display
Associated Threat Actors: no associations to display
Associated Vulnerabilities: no associations to display
Source Document References
Information about the OMCLoader malware was read from the document below.
SecurityIntelligence.com, a year ago: The Trickbot/Conti Crypters: Where Are They Now?