Pulse Detail — Threat Intelligence

PULSE NAME

Malicious Compiled HTML Help File Delivering Agent Tesla

WHITE AlienVault 2022-05-13 Modified: 2022-05-13

IOCs

MEDIUM VOLUME

Unit 42 observed malicious compiled HTML help files for the initial delivery. They will show how to analyze the malicious compiled HTML help file. They will then follow the chain of attack through JavaScript and multiple stages of PowerShell and show how to analyze them up to the final payload.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1059 T1176 T1071 T1104 T1566

MALWARE FAMILIES

Agent Tesla

Indicators of Compromise (15)

All hostname URL FileHash-MD5 FileHash-SHA1 FileHash-SHA256

TYPE	INDICATOR	DESCRIPTION	CREATED
hostname	ftp.videoalliance.ru	—	2022-05-13
URL	http://pk-consult.hr/N2.jpg	—	2022-05-13
FileHash-MD5	7a23f4d94da4fcf01f375c6a7d90be80	MD5 of 9ba024231d4aed094757324d8c65c35d605a51cdc1e18ae570f1b059085c2454	2022-05-13
FileHash-MD5	91dbec3653b27c394719fcf5341fe460	MD5 of 081fd54d8d4731bbea9a2588ca53672feef0b835dc9fa9855b020a352819feaa	2022-05-13
FileHash-MD5	92ee63cb3b5c54d37b805335ecdb8aa6	MD5 of 0fd2e47d373e07488748ac63d9229fdef4fd83d51cf6da79a10628765956de7a	2022-05-13
FileHash-MD5	ea370cb200e0c11b48f89e095c6a975e	MD5 of 3446ec621506d87d372c596e1d384d9fd2c1637b3655d7ccadf5d9f64678681e	2022-05-13
FileHash-SHA1	2f69d9c1873e66d93862b8ab1e206a358579f7fd	SHA1 of 0fd2e47d373e07488748ac63d9229fdef4fd83d51cf6da79a10628765956de7a	2022-05-13
FileHash-SHA1	7d69e251a3ae370ba996380e6712ca117ea2a1b6	SHA1 of 3446ec621506d87d372c596e1d384d9fd2c1637b3655d7ccadf5d9f64678681e	2022-05-13
FileHash-SHA1	a50c2a927bc2d793bd21e29529a267e4de51f48b	SHA1 of 9ba024231d4aed094757324d8c65c35d605a51cdc1e18ae570f1b059085c2454	2022-05-13
FileHash-SHA1	f8dbeaf04a5d6667f79b27b3d3deb63e3c89e706	SHA1 of 081fd54d8d4731bbea9a2588ca53672feef0b835dc9fa9855b020a352819feaa	2022-05-13
FileHash-SHA256	081fd54d8d4731bbea9a2588ca53672feef0b835dc9fa9855b020a352819feaa	—	2022-05-13
FileHash-SHA256	0fd2e47d373e07488748ac63d9229fdef4fd83d51cf6da79a10628765956de7a	—	2022-05-13
FileHash-SHA256	3446ec621506d87d372c596e1d384d9fd2c1637b3655d7ccadf5d9f64678681e	—	2022-05-13
FileHash-SHA256	9ba024231d4aed094757324d8c65c35d605a51cdc1e18ae570f1b059085c2454	—	2022-05-13
FileHash-SHA256	c684f1a6ec49214eba61175303bcaacb91dc0eba75abd0bd0e2407f3e65bce2a	—	2022-05-13

References (1)

↗ https://unit42.paloaltonetworks.com/malicious-compiled-html-help-file-agent-tesla/