
Showing posts from April, 2014

Forensic - Zbot Trojan Horse Analysis

Zeus, or Zbot, is a Trojan horse that runs on computers under the Microsoft Windows operating system. Attackers use it to perform malicious tasks such as stealing banking information. You can continue reading about it here.

For this Volatility test, I have received a file named "zeus.vmem" that has been infected by the Zeus Trojan.

1.) The first stage uses the command "imageinfo" to identify information for the image.

root@Double-H:~# vol -f ~/Desktop/Zeus/zeus.vmem imageinfo

-f = filename
imageinfo = identify information for the image

Next, we can use the command "pslist" to display a list of all the processes in the file "zeus.vmem".

Command:

root@Double-H:~# vol -f ~/Desktop/Zeus/zeus.vmem pslist

As seen in the picture above, we have not found anything strange, so we can try the command "connscan" to see whether the file made a connection.

Command: root@D