Endpoint-Security
Found 2 related articles.
Back to Categories- 2025-03-23
Volatility3 Analysis of STRELASTEALER via Rundll32 Proxy Execution
Detailed forensic analysis of a Windows memory dump using Volatility3 to investigate a compromise at a financial institution. The analysis identifies a hidden malicious PowerShell process (powershell.exe -windowstyle hidden) abusing WebDAV to execute a second-stage payload (3435.dll) via rundll32.exe. This activity aligns with MITRE ATT&CK sub-technique T1218.011. The investigation determines the attacker's C2 IP (45.9.74.32), the compromised user ('Elon'), and correlates the C2 infrastructure with the STRELASTEALER malware family.
- 2025-02-23
The Crime - Mobile Forensics with ALEAPP to Reconstruct a Crime Timeline
Detailed mobile forensics writeup solving a murder case by analyzing an extracted Android device using ALEAPP. The analysis successfully traces the victim's final actions, identifying the primary financial stressor (Olymptrade and a 250,000 EGP debt owed to 'Shady Wahab'), the victim's final known location ('The Nile Ritz-Carlton'), planned escape route ('Las Vegas' flight ticket), and a final scheduled meeting location ('The Mob Museum') based on Discord chat logs.