BTLO Malicious Powershell Analysis Walkthrough (Video Only)
The writeups will be a series to document how I solved each scenario on BTLO (Blue Team Labs Online), hope you will enjoy it :)
Note, the free BTLO challenge will be video only :)
Malicious Powershell Analysis Video Walkthrough
Scenario
Recently the networks of a large company named GothamLegend were compromised after an employee opened a phishing email containing malware. The damage caused was critical and resulted in business-wide disruption. GothamLegend had to reach out to a third-party incident response team to assist with the investigation. You are a member of the IR team - all you have is an encoded Powershell script. Can you decode it and identify what malware is responsible for this attack?
Tools
Text Editor
CyberChef
Difficulty
- Medium