OriginBotnet, RedLine Clipper, and AgentTesla Distributed Via Phishing Emails

A recent email phishing scam that deceives users into downloading a malware loader was found by FortiGuard Labs. The payloads of the loader include AgentTesla, RedLine Clipper, and OriginBotnet (for keylogging and password recovery). This loader employs a binary padding evasion technique that includes the addition of null bytes to make the file appear to be 400 MB or larger.

To trick the receiver into clicking on it and activating a malicious link embedded in a Word document, the phishing email contains a malicious Word document with a blurred image and a false reCAPTCHA. Following that, the malware loader goes through a number of stages, including decoding resource data, establishing persistence, decrypting a PowerShell command, duplicating files for automatic starting, executing methods from decrypted DLLs, and causing the execution of other files.

OriginBotnet, RedLine Clipper, and AgentTesla Distributed Via Phishing Emails

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

OriginBotnet, RedLine Clipper, and AgentTesla Distributed Via Phishing Emails

12-Sep-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address