Summary:
The CERT-AGID has reported a recent malware campaign that initially failed due to a missing activation string in the malicious email attachments. After revising their strategy, the attackers successfully deployed AgentTesla, a well-known infostealer, utilizing advanced encryption techniques to evade detection. The campaign highlights the challenges in malware deployment and the importance of proper integration of tools.
#MalwareCampaign #AgentTesla #CyberThreats
Keypoints:
The CERT-AGID has previously recorded malware-laden emails with faulty activation mechanisms.
Some attackers fail to properly integrate tools they have bought as Malware-as-a-Service (MaaS) offerings.
A recent malicious campaign involved an email attachment that did not activate due to a missing delimiter string.
The attackers revised their strategy and successfully deployed functional malware.
The analyzed malware sample was a .NET file encrypted with AES, using a specific delimiter for key extraction.
CyberChef was used to decrypt the strings and recover the executable, which was identified as AgentTesla.
AgentTesla is a prevalent infostealer in Italy, known for frequently changing its loader and employing advanced encryption techniques.
Indicators of Compromise (IoC) related to this campaign have been shared with accredited organizations.
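As an added illustration of the decryption step described in the key points above (this is not code from the CERT-AGID report or from the malware), the Go program below extracts the AES key from a delimiter-separated blob and recovers the embedded executable, the same operation an analyst performs in CyberChef. The blob layout key<delimiter>iv<delimiter>ciphertext, AES-CBC with PKCS#7 padding, and the placeholder delimiter `<<DELIM>>` are assumptions; the campaign's real delimiter strings are not reproduced, and a blob with the delimiter missing fails the way the report's first wave did.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
)

// Delimiter is a constructed placeholder; the campaign's real strings are not reproduced.
const Delimiter = "<<DELIM>>"

// ExtractPayload recovers the embedded executable from a blob laid out as
// key<Delimiter>iv<Delimiter>ciphertext (assumed layout; AES-CBC with PKCS#7 padding).
func ExtractPayload(blob []byte) ([]byte, error) {
	parts := bytes.SplitN(blob, []byte(Delimiter), 3)
	if len(parts) != 3 { // the report's failure mode: no delimiter, so no key and no payload
		return nil, errors.New("delimiter not found: key cannot be extracted")
	}
	key, iv, ct := parts[0], parts[1], parts[2]
	block, err := aes.NewCipher(key) // 16, 24 or 32-byte key
	if err != nil {
		return nil, err
	}
	if len(iv) != aes.BlockSize || len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("bad IV or ciphertext length")
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	pad := int(pt[len(pt)-1]) // validate and strip PKCS#7 padding
	if pad == 0 || pad > aes.BlockSize || !bytes.Equal(pt[len(pt)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, errors.New("invalid padding: wrong key or corrupted ciphertext")
	}
	pt = pt[:len(pt)-pad]
	if !bytes.HasPrefix(pt, []byte("MZ")) { // a real payload is a PE/.NET file
		return nil, errors.New("decrypted data has no MZ header, not a PE file")
	}
	return pt, nil
}

// BuildBlob assembles a sample blob offline from constructed data, purely as a test fixture.
func BuildBlob(key, iv, payload []byte, delim string) []byte {
	block, _ := aes.NewCipher(key)
	pad := aes.BlockSize - len(payload)%aes.BlockSize
	padded := append(append([]byte{}, payload...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	return bytes.Join([][]byte{key, iv, ct}, []byte(delim))
}
```

Calling `BuildBlob` with an empty delimiter reproduces the broken first wave: `ExtractPayload` cannot locate the key and returns an error instead of a payload.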
MITRE Techniques:
Execution (T1203, Exploitation for Client Execution): Exploits vulnerabilities in software to execute malicious code via email attachments.
Credential Dumping (T1003): Extracts credentials from the infected system to facilitate further attacks.
Obfuscated Files or Information (T1027): Uses encryption and obfuscation techniques to hide the true nature of the malware.
Command and Control (T1071, Application Layer Protocol): Establishes communication with compromised systems to receive commands and exfiltrate data.
IoC:
[file name] AgentTesla
[tool name] CyberChef
[others] FjDyD6U
[others] X8mnGBm