September 4, 2023 By Guru
Recent reports suggest threat actors have used phishing emails to distribute fileless malware. The attachment consists of an .hta (HTML Application) file, which can be used to deploy other malware such as AgentTesla, Remcos, and LimeRAT.
This fileless malware is in Portable Executable (PE) format and is executed without the file being created on the victim’s system. The body of the phishing email presents itself as a bank transfer notice. The email also carries an attachment: an ISO image with an embedded .hta script file. This file is run by mshta.exe (Microsoft HTML Application).
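For defenders, the chain described above (an .hta file inside an ISO, run by mshta.exe) is visible in process-creation telemetry. The following is an added detection sketch, not code from the report: the field names follow Sysmon process-creation events, the sample records and file names are constructed, and the severity tiers rest on the assumption that a mounted ISO appears under a drive letter other than the system drive.

```python
import ntpath
import re

# Constructed sample process-creation records (Sysmon Event ID 1 style fields).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r'"C:\Windows\System32\mshta.exe" "E:\Payment_Advice.hta"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\SysWOW64\MSHTA.EXE",
     "CommandLine": r"mshta.exe C:\Program Files\Vendor\help.hta",
     "ParentImage": r"C:\Program Files\Vendor\app.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe E:\readme.txt",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

# Drive-letter path ending in .hta. The colon is excluded from the path body so
# that an unquoted "C:\...\mshta.exe E:\x.hta" yields E:\x.hta, not one long match.
HTA_PATH = re.compile(r'([A-Za-z]):\\[^":<>|]*?\.hta(?=["\s]|$)', re.IGNORECASE)


def flag_mshta_hta(events, system_drive="C"):
    """Return findings for mshta.exe launching an .hta file from a local path."""
    findings = []
    for ev in events:
        if ntpath.basename(ev.get("Image", "")).lower() != "mshta.exe":
            continue
        match = HTA_PATH.search(ev.get("CommandLine", ""))
        if not match:
            continue
        # Assumption: a mounted ISO gets a drive letter other than the system drive.
        off_system = match.group(1).upper() != system_drive.upper()
        # explorer.exe as parent suggests the user double-clicked the file.
        parent = ntpath.basename(ev.get("ParentImage", "")).lower()
        if off_system and parent == "explorer.exe":
            severity = "high"
        elif off_system:
            severity = "medium"
        else:
            severity = "low"
        findings.append({"severity": severity, "hta": match.group(0)})
    return findings


if __name__ == "__main__":
    for finding in flag_mshta_hta(SAMPLE_EVENTS):
        print(finding["severity"], finding["hta"])
```

Because the PE payload is never written to disk, file-based scanning has little to work with; the mshta.exe launch is one of the few on-host events this chain leaves behind.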
