Recently i’ve published this post focused on hunting malware using volatility and Yara rules.
Previously i’ve talked a lot about Volatility, and i’ve published also some articles about YARA. Today i’d like share a brief and simple workflow, useful for a first high-level analysis of memory dumps in order to search the presence of a generic malware.
If you need to generate your own rules starting from recovered evidences YARA is a tool aimed at helping malware researchers to identify and classify malware samples. Basically, write some antivirus signatures (or essentially regular expressions) and it can search a binary file for them.