Fileless .NET Based Code Injection Attack Delivers AgentTesla Malware

29 April 2024

A recent malware campaign used a VBA macro in a Word document to download and execute a 64-bit Rust binary. This binary employs fileless injection techniques to load a malicious AgentTesla payload into its memory space. The malware leverages CLR hosting, a mechanism for native processes to execute.NET code, to achieve this, and the.NET runtime libraries are loaded dynamically, allowing the malware to operate without writing files to disc. The malware disables Event Tracing for Windows (ETW) by patching the “EtwEventWrite” API and then downloads a shellcode containing the AgenetTesla payload from a specific URL.

Source: GBHackers

Date:

29 April 2024

Categorie(s):

NEWS

Tag(s):

.NET, AgentTesla, Attacks, Cyber Attack, Cyber Security News

Core security measures to strengthen privacy and data protection programs15 May 2024
Cybersecurity jobs available right now: May 15, 202415 May 2024
Ransomware statistics that reveal alarming rate of cyber extortion15 May 2024
Stay Secure with Customized IT and Cyber Security Services15 May 2024
Dell Hack: Attacker Steals Customer Phone Numbers & Service Reports15 May 2024