Article contents
Examining Evasive Malware Techniques: A Memory-Based and Behavioral Study of AgentTesla
Authors
-
Tabassum Sheikh Atkia
Master of Science in Cybersecurity, Computer Science & Engineering, Washington University of Science & Technology, Virginia, USA
https://orcid.org/0009-0005-1369-5248
-
Mahmud Rafsan
Independent Researcher, Virginia, USA
https://orcid.org/0009-0000-4153-0575
-
Sheikh Said Evna Jahidul Hoque
Independent Researcher, Federation University, Victoria, Australia
-
Ashfaqur Rahman Jaigirdar
Master of Science in Cybersecurity, Computer Science & Engineering, Washington University of Science & Technology, Virginia, USA
https://orcid.org/0009-0009-5061-2738
Abstract
One of the largest evasive malware programs, AgentTesla, circumvents conventional detection methods by taking advantage of cutting-edge techniques like memory injection, sandbox evasion, and obfuscation. In this work, 35 AgentTesla samples gathered from open malware repositories under the name MalwareBazaar are analyzed behaviorally and memory based. A thorough description of evasion techniques is provided throughout the study to show how AgentTesla successfully overcomes defenses including signature-based and heuristic ones, such as anti-VM checks, SMTP-based data exfiltration, and hollowing. The study's conclusions emphasize the limitations of continuous analytic techniques and the need for behavioral, memory-focused, adaptive detection models to avoid these dangers. In order to enhance the future, this research also suggests a consolidated detection framework that combines memory forensics, machine learning training, and behavioral recording. In order to enhance the malware detection process going forward, this article also suggests a consolidated detection framework that combines memory forensics, machine learning training, and behavioral logging.
Journal highlights
Aims & scope
Call for Papers
Article Processing Charges
Publications Ethics
Google Scholar Citations
Recruitment
