Summary

  • In a recent digital forensics challenge, an organisation was tasked with discovering how a malware infection occurred.
  • Starting with a disk image of the infected machine, the company discovered that the initial point of entry was via a Discord link, an increasingly popular means for cyber criminals to deliver malware to unsuspecting users.
  • Using a range of digital forensics tools, including Autopsy and ANY.RUN, the organisation first performed static analysis of the disk image and then dynamic behavioural analysis of the malware in a sandbox to uncover how it operated.
  • By understanding the PowerShell scripts used by the malware, and decrypting an encrypted file it left behind, the organisation recovered a key piece of information that enabled it to decrypt the other files on the system that the malware had encrypted.

By Frendy Sanusi
