Forum Discussion
FIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs
I think you have the artifacts right, as you posted the same code I did. If you paste it into CyberChef and then look at the right-hand side and click on CRLF, try changing it to line feed (see screenshot) and then delete all the red marks that show up. This should give the correct hash (if you select MD5 from the CyberChef recipe menu).
I used CyberChef for this, making sure I didn’t have any additional spaces in between. I then created the file using the output save to function, then ran an MD5SUM against it.
Thanks CyberSharpe for your response. I have been using CyberChef, but unfortunately, in the environment that I am in, I cannot save an actual file from the website, but I am able to copy/paste in the tools provided. Either way, doing the joining natively on my box or using CyberChef (copy/paste), I am getting the same MD5 hash - which isn't working for the question.
A question, if you have a moment, please. I'm not looking for the answer here, but in your script, are your first AND last lines, respectively, these (below)?
$EncodedCompressedFile = @'
$Output | IEX
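
Added example (not part of any post in this thread): the line-ending effect discussed above, shown by hashing the same reconstructed script text under each end-of-line convention, with and without a final line ending. The function names are hypothetical and the sample script body is a constructed placeholder, not the real artifact.

```python
import hashlib


def normalize(text: str, eol: str, final_eol: bool) -> bytes:
    """Rewrite every line ending in `text` to `eol` and return the bytes to hash."""
    lines = text.replace("\r\n", "\n").replace("\r", "\n").split("\n")
    # Drop empty lines left at the end by copy/paste so only `final_eol` decides.
    while lines and lines[-1] == "":
        lines.pop()
    body = eol.join(lines)
    if final_eol:
        body += eol
    return body.encode("utf-8")


def md5_variants(text: str) -> dict:
    """MD5 of the text under each end-of-line / final-newline combination."""
    variants = {}
    for name, eol in (("LF", "\n"), ("CRLF", "\r\n")):
        for final_eol in (False, True):
            label = name + ("+final-EOL" if final_eol else "")
            variants[label] = hashlib.md5(normalize(text, eol, final_eol)).hexdigest()
    return variants


def matching_variant(text: str, expected_md5: str):
    """Return the label of the variant whose MD5 equals `expected_md5`, or None."""
    for label, digest in md5_variants(text).items():
        if digest == expected_md5.strip().lower():
            return label
    return None


# Constructed sample: first and last lines as quoted in the thread,
# with a placeholder standing in for the encoded payload.
SAMPLE = "$EncodedCompressedFile = @'\r\nPLACEHOLDER_BODY\r\n'@\r\n$Output | IEX\r\n"

if __name__ == "__main__":
    for label, digest in md5_variants(SAMPLE).items():
        print(f"{label:16} {digest}")
```

If none of the four digests matches the expected value, the difference is in the content itself (stray spaces, a missing line) and not in the line endings.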