Examining Evasive Malware Techniques: A Memory-Based and Behavioral Study of AgentTesla
Abstract
One of the largest evasive malware programs, AgentTesla, circumvents conventional detection methods by taking advantage of cutting-edge techniques like memory injection, sandbox evasion, and obfuscation. In this work, 35 AgentTesla samples gathered from the open malware repository MalwareBazaar are analyzed behaviorally and memory-based. The study gives a thorough description of the evasion techniques, such as anti-VM checks, SMTP-based data exfiltration, and hollowing, with which AgentTesla successfully overcomes signature-based and heuristic defenses. The study's conclusions emphasize the limitations of continuous analytic techniques and the need for behavioral, memory-focused, adaptive detection models to counter these dangers. In order to enhance the malware detection process going forward, this article also suggests a consolidated detection framework that combines memory forensics, machine learning training, and behavioral logging.
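The abstract names three behaviors that signature scanning misses but behavioral logging can surface: hypervisor-artifact probing (anti-VM checks), a hollowing-style sequence of creating a suspended child, writing into its memory and resuming it, and outbound connections on mail-submission ports. The following is an added example, not code or data from the paper, of how a behavioral detector might score those indicators over a process tree. The event schema, the field names, the indicator weights and the threshold are all assumptions, and the telemetry is constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass
class Event:
    """One constructed endpoint-telemetry record (schema is an assumption)."""
    pid: int       # acting process
    kind: str      # process_create | remote_mem_write | thread_resume_remote | net_connect | reg_query
    detail: dict


# Illustrative weights for the three behaviors the abstract lists; not values from the paper.
WEIGHTS = {"anti_vm_check": 2, "hollowing_sequence": 4, "smtp_exfil": 3}
ALERT_THRESHOLD = 5
SMTP_PORTS = {25, 465, 587}
VM_ARTIFACT_MARKERS = ("vbox", "vmware", "virtualbox", "qemu")


def process_tree(events: List[Event], root: int) -> Set[int]:
    """Return root plus every descendant it (transitively) created."""
    pids = {root}
    changed = True
    while changed:
        changed = False
        for e in events:
            if e.kind == "process_create" and e.pid in pids and e.detail["child_pid"] not in pids:
                pids.add(e.detail["child_pid"])
                changed = True
    return pids


def score_process(events: List[Event], root: int) -> Dict[str, object]:
    """Score the behavior of a process tree; indicators are combined, not judged in isolation."""
    tree = process_tree(events, root)
    ev = [e for e in events if e.pid in tree]
    hits = []

    # Anti-VM: registry/device queries that mention hypervisor artifacts.
    if any(e.kind == "reg_query" and any(m in e.detail["key"].lower() for m in VM_ARTIFACT_MARKERS)
           for e in ev):
        hits.append("anti_vm_check")

    # Hollowing-style sequence: same child created suspended, written to remotely, then resumed.
    suspended = {e.detail["child_pid"] for e in ev if e.kind == "process_create" and e.detail.get("suspended")}
    written = {e.detail["target_pid"] for e in ev if e.kind == "remote_mem_write"}
    resumed = {e.detail["target_pid"] for e in ev if e.kind == "thread_resume_remote"}
    if suspended & written & resumed:
        hits.append("hollowing_sequence")

    # SMTP exfiltration: outbound connection to a mail-submission port from anywhere in the tree.
    if any(e.kind == "net_connect" and e.detail["dst_port"] in SMTP_PORTS for e in ev):
        hits.append("smtp_exfil")

    score = sum(WEIGHTS[h] for h in hits)
    return {"pid": root, "tree": sorted(tree), "indicators": hits, "score": score,
            "verdict": "suspicious" if score >= ALERT_THRESHOLD else "benign"}


# Constructed telemetry: pid 1000 probes for VirtualBox, hollows a suspended child (pid 1001),
# and the child mails data out on port 587. pid 2000 is an ordinary process using HTTPS.
SAMPLE_EVENTS = [
    Event(1000, "reg_query", {"key": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"}),
    Event(1000, "process_create", {"child_pid": 1001, "image": "host.exe", "suspended": True}),
    Event(1000, "remote_mem_write", {"target_pid": 1001, "size": 409600}),
    Event(1000, "thread_resume_remote", {"target_pid": 1001}),
    Event(1001, "net_connect", {"dst": "198.51.100.23", "dst_port": 587}),
    Event(2000, "process_create", {"child_pid": 2001, "image": "child.exe", "suspended": False}),
    Event(2000, "net_connect", {"dst": "203.0.113.5", "dst_port": 443}),
]

if __name__ == "__main__":
    for root in (1000, 2000):
        print(score_process(SAMPLE_EVENTS, root))
```

Scoring the whole process tree matters because, after hollowing, the network activity belongs to the child, not to the dropper that did the injection. The threshold also illustrates why indicators are combined: a legitimate mail client connecting to port 587 alone scores 3 and stays below the alert level, while the three behaviors together score 9.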