Tag: Malware-Analysis | Yw4rf

2025-03-23

Volatility3 Analysis of STRELASTEALER via Rundll32 Proxy Execution

Detailed forensic analysis of a Windows memory dump using Volatility3 to investigate a compromise at a financial institution. The analysis identifies a hidden malicious PowerShell process (powershell.exe -windowstyle hidden) abusing WebDAV to execute a second-stage payload (3435.dll) via rundll32.exe. This activity aligns with MITRE ATT&CK sub-technique T1218.011. The investigation determines the attacker's C2 IP (45.9.74.32), the compromised user ('Elon'), and correlates the C2 infrastructure with the STRELASTEALER malware family.

CyberDefenders DFIR Memory-Analysis Volatility3 Malware-Analysis StrelaStealer MITRE-ATTACK T1218.011 Rundll32 WebDAV-Abuse PowerShell-Execution
2025-01-30

UFO-1 - Sandworm Team (APT44) MITRE ATT&CK TTP Analysis

Research writeup focusing on the Sandworm Team (APT44), a highly aggressive Russian APT group, using the MITRE ATT&CK framework. Analysis covers their TTPs, critical infrastructure attacks (e.g., 2016 Ukraine power grid, 2022 SCADA attacks), key malware (e.g., Industroyer2, NotPetya, Exaramel), persistence methods, and specific tools used for code execution and data destruction.

HackTheBox Sherlocks Threat-Intelligence APT44 Sandworm BlackEnergy MITRE-ATTACK ICS-Security Malware-Analysis