Indicators of Compromise Malicious Compiled HTML Help File Palo Alto Networks customers are protected from malware families using similar anti-analysis techniques with Cortex XDR or the Next-Generation Firewall with WildFire and Threat Prevention security subscriptions. It does this primarily via keystroke logging, screen capturing, camera recording and accessing sensitive data. Agent Tesla focuses on stealing sensitive information from a victim’s computer and sending that information to the attacker over FTP, SMTP or HTTP. Agent Tesla is well-known malware that has been around for a while. This particular attack chain delivered Agent Tesla as the final payload. Potential victims may have been trained to avoid documents, scripts and executables from unknown senders, but it is important to be careful of almost any filetype. An attempt to bypass security training.An attempt to bypass security products.The attack is interesting because attackers are often looking for creative ways to deliver their payloads.
We will then follow the chain of attack through JavaScript and multiple stages of PowerShell and show how to analyze them up to the final payload.
We will show how to analyze the malicious compiled HTML help file. This blog describes an attack that Unit 42 observed utilizing malicious compiled HTML help files for the initial delivery.
0 kommentar(er)
