A recent multi-stage attack has emerged that delivers malware such as Agent Tesla variants, Remcos RAT, and XLoader through mechanisms designed to bypass traditional detection methods. Researchers noted that the attack begins with a phishing email that lures recipients with a fake order request, prompting them to open a malicious attachment. The chain then runs a JavaScript payload that executes a PowerShell script, which downloads and decodes further malicious components and ultimately deploys malware such as Agent Tesla. The design reflects a deliberate effort to stay resilient against detection.
Attackers increasingly rely on such complex delivery mechanisms to evade detection, bypass traditional sandboxes, and ensure successful payload delivery and execution.
The attack leads to a next-stage dropper that is compiled with either .NET or AutoIt.
The AutoIt script carries an encrypted payload that is responsible for loading the final shellcode, which causes a .NET file to be injected into a 'RegSvcs.exe' process.
This suggests that the attacker employs multiple execution paths to increase resilience and evade detection.
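The chain described above (script host running the JavaScript attachment, PowerShell downloading and decoding a stage, a dropper, and finally a .NET payload injected into RegSvcs.exe) shows up in endpoint process-creation telemetry as a distinctive parent-child lineage. The following is an added detection sketch, not code from the original report or from the researchers cited. It runs two checks over constructed Sysmon-style process-creation records (field names, PIDs, paths and command lines are all made up for the example): PowerShell launched by a script host with loader-like arguments, and RegSvcs.exe whose lineage contains a script host or PowerShell or whose parent is not one of an assumed set of expected developer tools.

```python
"""Detection sketch for the script host -> PowerShell -> dropper -> RegSvcs.exe chain.

Added example; the event layout and all sample values are constructed to resemble
Sysmon Event ID 1 (process creation) records and are not real telemetry.
"""
import re
from typing import Dict, List

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Parents under which RegSvcs.exe is normally expected in this environment
# (an assumption for the example; tune to your own baseline).
REGSVCS_EXPECTED_PARENTS = {"devenv.exe", "msbuild.exe", "msiexec.exe"}

# Command-line markers typical of PowerShell downloading and decoding a stage.
POWERSHELL_LOADER_PATTERN = re.compile(
    r"(-enc(odedcommand)?\b|-e\s|frombase64string|downloadstring|downloadfile|"
    r"invoke-webrequest|\biwr\b|-w(indowstyle)?\s+hidden)",
    re.IGNORECASE,
)

# Constructed sample events: one malicious chain plus benign look-alikes.
SAMPLE_EVENTS: List[Dict] = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\u\Downloads\Order_Request.js"'},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"},
    {"pid": 400, "ppid": 300, "image": r"C:\Users\u\AppData\Local\Temp\stage.exe", "cmdline": "stage.exe"},
    {"pid": 500, "ppid": 400, "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
     "cmdline": "RegSvcs.exe"},
    # Benign: RegSvcs.exe launched by Visual Studio during a build.
    {"pid": 600, "ppid": 1, "image": r"C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\devenv.exe",
     "cmdline": "devenv.exe"},
    {"pid": 700, "ppid": 600, "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
     "cmdline": "RegSvcs.exe /u component.dll"},
    # Benign: interactive PowerShell from the shell, no loader markers.
    {"pid": 800, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe Get-Process"},
]


def image_name(path: str) -> str:
    """Lower-cased file name of an image path."""
    return path.rsplit("\\", 1)[-1].lower()


def ancestry(events: List[Dict], pid: int) -> List[str]:
    """Image names from the given process up to the root, following ppid links.

    A seen-set guards against PID reuse producing a cycle in the records.
    """
    by_pid = {e["pid"]: e for e in events}
    chain, seen = [], set()
    cur = by_pid.get(pid)
    while cur is not None and cur["pid"] not in seen:
        seen.add(cur["pid"])
        chain.append(image_name(cur["image"]))
        cur = by_pid.get(cur["ppid"])
    return chain


def find_script_host_powershell(events: List[Dict]) -> List[int]:
    """PIDs of PowerShell processes spawned by a script host with loader-like arguments."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if image_name(e["image"]) not in POWERSHELL:
            continue
        parent = by_pid.get(e["ppid"])
        if parent is None or image_name(parent["image"]) not in SCRIPT_HOSTS:
            continue
        if POWERSHELL_LOADER_PATTERN.search(e["cmdline"]):
            hits.append(e["pid"])
    return hits


def find_suspicious_regsvcs(events: List[Dict]) -> List[int]:
    """PIDs of RegSvcs.exe whose lineage includes a script host or PowerShell,
    or whose direct parent is not an expected developer tool."""
    hits = []
    for e in events:
        if image_name(e["image"]) != "regsvcs.exe":
            continue
        lineage = ancestry(events, e["pid"])[1:]  # ancestors only, nearest first
        parent = lineage[0] if lineage else None
        if set(lineage) & (SCRIPT_HOSTS | POWERSHELL) or parent not in REGSVCS_EXPECTED_PARENTS:
            hits.append(e["pid"])
    return hits


if __name__ == "__main__":
    for pid in find_script_host_powershell(SAMPLE_EVENTS):
        print("script host -> PowerShell loader:", pid, " <- ".join(ancestry(SAMPLE_EVENTS, pid)))
    for pid in find_suspicious_regsvcs(SAMPLE_EVENTS):
        print("suspicious RegSvcs.exe:", pid, " <- ".join(ancestry(SAMPLE_EVENTS, pid)))
```

The lineage check matters because the dropper in the middle of the chain (here the constructed `stage.exe`) is what actually spawns RegSvcs.exe, so a rule that only inspects the immediate parent would miss the script-host origin; walking the full ancestry ties the injection target back to the phishing attachment.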