Malware Memory Analysis - Volatility

From Botnets.fr


Malware: Zbot
Date: 2012 / Saturday, April 14, 2012
Editor/Conference: Basement PC Tech
Link: http://blog.basementpctech.com/2012/04/in-acquiring-memory-blog-list-of-tools.html (blog.basementpctech.com; archive copy)
Author: Basement Tech

Abstract

In the Acquiring Memory blog, a list of tools that could be used to acquire the memory of a live system was given. Once you have successfully acquired the memory of the system, a tool like Volatility can be used to analyze the memory for data. In this assessment I will be evaluating the memory sample as a person who has no formal training in memory analysis or in how to use the tool, to see if I can still use the tool to identify malicious code contained within the memory image. For this test the ZeuS memory sample acquired from the Google Code – Volatility Memory Sample page will be used.

I will use practical troubleshooting steps to establish my approach to analyzing the memory sample:

1. Look for strange processes
2. Look for strange network connections
3. Check the registry for strange entries added by the malicious code
4. Analyze suspicious code

Bibtex

 @misc{2012BFR987,
   editor = {Basement PC Tech},
   author = {Basement Tech},
   title = {Malware Memory Analysis - Volatility},
   date = {14},
   month = Apr,
   year = {2012},
   howpublished = {\url{http://blog.basementpctech.com/2012/04/in-acquiring-memory-blog-list-of-tools.html}},
 }