Phishing Malware Hijacks Bitcoin Addresses and Delivers New Agent Tesla Variant

Security Alert
Published June 9, 2021

A new variant of Agent Tesla, a known cyber-spyware focused on stealing sensitive information from a victim’s device, has been discovered in a new phishing campaign. A Microsoft Excel document attached to a spam email downloaded and executed several pieces of VBscript code. This malware is used to hijack bitcoin address information and deliver a new variant of Agent Tesla onto the victim’s device.

MALWARE FAMILY:
Agent Tesla – S0331
ATT&CK IDS:
T1027 – Obfuscated Files or Information,T1053 – Scheduled Task/Job,T1056 – Input Capture,T1059 – Command and Scripting Interpreter,T1071 – Application Layer Protocol,T1106 – Native API,T1115 – Clipboard Data,T1218 – Signed Binary Proxy Execution,T1555 – Credentials from Password Stores,T1566 – Phishing,T1574 – Hijack Execution Flow,T1503 – Credentials from Web Browsers

Related Content

Ready to Simplify IT Management?

We will work with you to select a plan that meets your business needs, while helping you get more from your technology, with less work, and less worry about making it all run right.