In my recent article (here) I wondered why cybercriminals would use VHD files for their campaigns and offered a few tips and tools to analyse VHD files for forensic artifacts. After posting the article, I received a few questions about why VHD file forensics might be worth investing time into. This article continues my forensic journey into this file format, which is being used by cybercriminals.

Digging further for VHD files, I discovered another one that supposedly belongs to the same group:

Hash: d5d9210ef49c6780016536b0863cc50f6de03f73e70c2af46cc3cff0e2bf9353

Filename: 30–1868.vhd

File size: 12.00 MB (12583424 bytes)

In this case, the VHD file…

Christiaan Beek

