Analysis of phishing activities delivered by AgentTesla using GuLoader

In recent years, the AgentTesla information-stealing Trojan has remained active, and Antiy CERT has repeatedly observed attacks delivering it to domestic government bodies, enterprises, and colleges and universities. Since February this year, Antiy CERT has detected a new round of phishing activity that uses GuLoader to deliver the AgentTesla information-stealing Trojan. The attackers sent phishing emails with product-quotation subject lines to companies in the manufacturing, energy, and Internet sectors in many European and Asian countries, and an attack against a domestic company was also discovered.

MALWARE FAMILIES: GuLoader - S0561, Agent Tesla

ATT&CK IDS: TA0042 - Resource Development, T1566 - Phishing, T1204 - User Execution, T1001 - Data Obfuscation, T1112 - Modify Registry, T1055 - Process Injection, T1498.002 - Reflection Amplification, T1003 - OS Credential Dumping, T1087 - Account Discovery, T1018 - Remote System Discovery, T1022 - Data Encrypted, T1113 - Screen Capture, T1020 - Automated Exfiltration
