A suspicious PowerShell script was found on one of our endpoints. Can you work out what it does?
Unzip the folder and open the PowerShell script in a text editor.
What is the SHA256 hash value for the PowerShell script file?
Get the file hash with the sha256sum tool.
What email address is used to send and receive emails?
Viewing the txt file shows these details.
What is the password for this email account?
What port is used for SMTP?
What DLL is imported to help record keystrokes?
What directory is the generated txt file put in?
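The questions above amount to a static triage of the script: hash it, then pull out the mail settings, the imported DLL and the output path without running anything. The following is an added example, not part of the original walkthrough. The sample fragment, all its values and the variable-name patterns are constructed assumptions; `sha256_hex` yields the same digest as `sha256sum`.

```python
import hashlib
import re

# Constructed sample: non-functional fragments shaped like the settings block
# of a PowerShell script that mails a text file. Every value is a placeholder.
SAMPLE_PS1 = r'''
$From = "collector@example.test"
$Pass = "PLACEHOLDER-PASSWORD"
$SMTPServer = "smtp.example.test"
$SMTPPort = 2525
$Path = "$env:TEMP\capture.txt"
[DllImport("placeholder.dll", CharSet=CharSet.Auto)]
'''

# Assumed naming conventions; adjust to the script under analysis.
PATTERNS = {
    "emails": r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+",
    "dll_imports": r'DllImport\(\s*"([^"]+)"',
    "ports": r"(?i)\$\w*port\w*\s*=\s*[\"']?(\d{1,5})",
    "secrets": r"(?i)\$\w*pass\w*\s*=\s*[\"']([^\"']+)",
    "txt_paths": r"[\"']([^\"']+\.txt)[\"']",
}


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the raw file bytes (hash bytes, not decoded text)."""
    return hashlib.sha256(data).hexdigest()


def triage(script: str) -> dict:
    """Return de-duplicated, sorted matches for each indicator class."""
    return {
        name: sorted(set(re.findall(pattern, script)))
        for name, pattern in PATTERNS.items()
    }


if __name__ == "__main__":
    print("sha256:", sha256_hex(SAMPLE_PS1.encode("utf-8")))
    for name, values in triage(SAMPLE_PS1).items():
        print(f"{name}: {values}")
```

For a real file, read it in binary mode for the hash and decode a copy for `triage`; PowerShell scripts are often saved as UTF-16, which the regexes will not match until decoded.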