Summary

  • A member has posted a link to a file containing a memory image of a Windows system infected with Black Energy malware, along with links to additional information about the malware and the Volatility3 tool for analysing malware-infected RAM images.
  • They then use the Volatility3 tool to analyse the image, starting with the windows.info plugin to provide general information about the image, and the windows.pslist plugin to list all the processes within the RAM image.
  • This reveals two suspicious processes named rootkit.exe and cmd.exe, but these are terminated processes with no threads, so they are safe to ignore.
  • The analysis did not find any other suspicious activities in the RAM image.
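The triage step the summary describes (run windows.pslist, then separate terminated processes with no threads from live ones) can be scripted over the plugin's tab-separated output. The block below is an added example and is not code from the original post or from the Volatility project; the pslist output it parses is constructed here to resemble Volatility3's default renderer (PID, PPID, ImageFileName, Offset(V), Threads, Handles, SessionId, Wow64, CreateTime, ExitTime, File output), the values are invented, and the name watchlist is a hypothetical analyst setting.

```python
"""Parse Volatility3 ``windows.pslist`` output and triage the process list.

Added example: parses a constructed pslist table and flags (a) process names on
an analyst watchlist, (b) entries that have an ExitTime and zero threads, i.e.
terminated processes still present in the pool, (c) live processes with zero
threads, and (d) processes whose parent PID is absent from the list.
"""
from typing import Dict, FrozenSet, List, Tuple

# Constructed sample output; PIDs, offsets and timestamps are invented.
SAMPLE_PSLIST = """\
Volatility 3 Framework 2.x
Progress:  100.00\t\tPDB scanning finished

PID\tPPID\tImageFileName\tOffset(V)\tThreads\tHandles\tSessionId\tWow64\tCreateTime\tExitTime\tFile output
4\t0\tSystem\t0x823c8830\t55\t244\tN/A\tFalse\tN/A\tN/A\tDisabled
548\t4\tsmss.exe\t0x8236f020\t3\t19\tN/A\tFalse\t2011-08-12 19:20:36.000000 \tN/A\tDisabled
1044\t548\twinlogon.exe\t0x8225a020\t19\t512\t0\tFalse\t2011-08-12 19:20:40.000000 \tN/A\tDisabled
1068\t1044\texplorer.exe\t0x821d0da0\t14\t387\t0\tFalse\t2011-08-12 19:21:15.000000 \tN/A\tDisabled
1960\t1068\trootkit.exe\t0x8214b020\t0\t0\t0\tFalse\t2011-08-12 19:23:09.000000 \t2011-08-12 19:23:10.000000 \tDisabled
1964\t1960\tcmd.exe\t0x82140250\t0\t0\t0\tFalse\t2011-08-12 19:23:09.000000 \t2011-08-12 19:23:11.000000 \tDisabled
"""

# Hypothetical watchlist of names the analyst wants highlighted regardless of state.
WATCHLIST: FrozenSet[str] = frozenset({"rootkit.exe"})


def parse_pslist(text: str) -> List[Dict[str, str]]:
    """Return one dict per process row, keyed by the header names.

    Lines before the header (framework banner, progress output) are skipped,
    and rows whose field count does not match the header are ignored rather
    than guessed at.
    """
    header = None
    rows: List[Dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("PID\t"):
            header = [h.strip() for h in line.split("\t")]
            continue
        if header is None or not line.strip():
            continue
        fields = [f.strip() for f in line.split("\t")]
        if len(fields) != len(header):
            continue
        rows.append(dict(zip(header, fields)))
    return rows


def triage(rows: List[Dict[str, str]],
           watchlist: FrozenSet[str] = WATCHLIST) -> List[Tuple[int, str, List[str]]]:
    """Return (pid, image name, reasons) for every row that deserves a look."""
    known_pids = {r["PID"] for r in rows}
    report: List[Tuple[int, str, List[str]]] = []
    for r in rows:
        reasons: List[str] = []
        exited = r["ExitTime"] != "N/A"
        threads = int(r["Threads"]) if r["Threads"].isdigit() else 0
        if r["ImageFileName"].lower() in watchlist:
            reasons.append("name on watchlist")
        if exited and threads == 0:
            # Matches the post's observation: exited, no threads, only the
            # EPROCESS object remains in memory.
            reasons.append("terminated (ExitTime set, no threads)")
        elif not exited and threads == 0:
            reasons.append("live process with zero threads (unusual)")
        if r["PPID"] != "0" and r["PPID"] not in known_pids:
            reasons.append("parent PID not in list")
        if reasons:
            report.append((int(r["PID"]), r["ImageFileName"], reasons))
    return report


if __name__ == "__main__":
    for pid, name, reasons in triage(parse_pslist(SAMPLE_PSLIST)):
        print(f"{pid:>6}  {name:<16} {'; '.join(reasons)}")
```

Run against the constructed table, only the two exited entries are reported, which mirrors the distinction the summary draws between terminated leftovers and processes that are actually running; a live process with zero threads or a parent missing from the list would be reported separately and is worth checking with windows.psscan or windows.pstree before being dismissed.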

By Erdem Ulu

Original Article