Threat Research

    Unmasking Agent Tesla: A Deep Dive into a Multi-Stage Campaign examines how Agent Tesla continues to pose a significant threat by enabling even low-skilled actors to steal sensitive information through a refined and layered infection process....
    QuirkyLoader is a newly observed malware loader, active since November 2024, used to deliver various infostealers and remote access trojans (RATs) like Agent Tesla, AsyncRAT, FormBook, Remcos, and others. The infection begins with phishing emails containing malicious archives. These archives include a legitimate executable, an encrypted payload, and a malicious DLL....
    This report analyzes a complex phishing campaign that uses multi-stage, modular techniques to deliver high-risk malware, specifically the credential-stealer Agent Tesla. Compressed email attachments contain layered droppers that deploy the malware by injecting it into trusted system processes, evading detection....
    In December 2024, we identified a multi-stage attack chain used to deliver malware such as Agent Tesla variants, Remcos RAT, and XLoader. Attackers are increasingly adopting layered delivery tactics to bypass detection tools and traditional sandboxes. The phishing campaign we examined disguised itself as an order release request, delivering a malicious attachment....
    This article explores obfuscation techniques in popular malware families and highlights opportunities for automating the unpacking process. We analyze observed samples, demonstrating how to extract configuration parameters by unpacking each stage. Automating this process would enable sandboxes performing static analysis to retrieve critical malware configuration data....