Analysis of Native Process CLR Hosting Used by AgentTesla
29 April 2024
The initial infection vector is a Word document that downloads and executes a 64-bit Rust-compiled binary. This binary then downloads encoded shellcode containing the AgentTesla payload.