Phishing Malware Hijacks Bitcoin Addresses and Delivers New Agent Tesla Variant

Security Alert
Published June 9, 2021

A new variant of Agent Tesla, known spyware that focuses on stealing sensitive information from a victim’s device, has been discovered in a new phishing campaign. A Microsoft Excel document attached to a spam email downloaded and executed several pieces of VBScript code. This malware is used to hijack bitcoin address information and deliver a new variant of Agent Tesla onto the victim’s device.

MALWARE FAMILY:
Agent Tesla – S0331
ATT&CK IDS:
T1027 – Obfuscated Files or Information
T1053 – Scheduled Task/Job
T1056 – Input Capture
T1059 – Command and Scripting Interpreter
T1071 – Application Layer Protocol
T1106 – Native API
T1115 – Clipboard Data
T1218 – Signed Binary Proxy Execution
T1555 – Credentials from Password Stores
T1566 – Phishing
T1574 – Hijack Execution Flow
T1503 – Credentials from Web Browsers
