ZDNet reports that researchers at Sophos have discovered two new variants of AgentTesla, a remote access trojan, that add features for evading detection by tampering with the Microsoft Antimalware Scan Interface (AMSI). The malware hides its payload from inspection by splitting it into a series of base64-encoded data chunks, and it first attempts to disarm AMSI; if that succeeds, the loader is decoded and installed and runs without interference from AMSI-backed scanning. AgentTesla can take screenshots, log keystrokes, steal clipboard data, and harvest credentials from a variety of applications. Sophos also found that the new versions target more applications and give attackers more command-and-control (C2) options.
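An analyst who wants to see what a chunked loader actually carries has to put the chunks back together before any string search means anything. The script below is an added example, not code from Sophos or ZDNet and not a sample from the reported AgentTesla variants: it reassembles base64 chunks pulled from a script-like text, decodes them either as pieces of one base64 stream or as separately encoded pieces, and checks the result for references to AMSI. The indicator strings are generic AMSI API and .NET identifiers chosen for this example, the sample stage and the script wrapper are constructed here, and the function names are assumptions.

```python
"""Reassemble a base64-chunked stage and look for AMSI-related strings.
Added example with constructed input; not the malware's code or Sophos's."""
import base64
import re

# Generic AMSI API and .NET identifiers an analyst would expect a tampering
# routine to reference. Chosen for this example, not taken from the report.
AMSI_INDICATORS = [
    b"amsi.dll",
    b"AmsiScanBuffer",
    b"AmsiScanString",
    b"AmsiInitialize",
    b"AmsiUtils",
    b"amsiInitFailed",
]


def _clean(chunk):
    """Drop anything outside the base64 alphabet and normalise the padding,
    so a chunk copied out of a script with quotes or whitespace still decodes."""
    if isinstance(chunk, str):
        chunk = chunk.encode()
    body = re.sub(rb"[^A-Za-z0-9+/]", b"", chunk)
    return body + b"=" * (-len(body) % 4)


def decode_joined(chunks):
    """Decode chunks that are pieces of ONE base64 string split at arbitrary
    points (the usual shape when a blob is stored as several string constants)."""
    raw = b"".join(c.encode() if isinstance(c, str) else c for c in chunks)
    return base64.b64decode(_clean(raw))


def decode_each(chunks):
    """Decode chunks that were each base64-encoded on their own, then concatenate."""
    return b"".join(base64.b64decode(_clean(c)) for c in chunks)


def find_amsi_indicators(payload):
    """Return the indicator strings present in the decoded bytes (case-insensitive)."""
    lowered = payload.lower()
    return [i.decode() for i in AMSI_INDICATORS if i.lower() in lowered]


def extract_base64_chunks(text, min_len=8):
    """Pull runs of base64-looking text, in order, out of a script or dump."""
    return re.findall(r"[A-Za-z0-9+/]{%d,}={0,2}" % min_len, text)


def scan_text(text, joined=True):
    """Extract chunks from text, decode them, and report AMSI indicators."""
    chunks = extract_base64_chunks(text)
    payload = decode_joined(chunks) if joined else decode_each(chunks)
    return payload, find_amsi_indicators(payload)


# Constructed sample stage (plain text standing in for a real second stage).
STAGE = b'LoadLibrary("amsi.dll"); tamper with AmsiScanBuffer; then decode and run loader'

# Constructed wrapper: one base64 string split into four string constants,
# mimicking the "series of base64-encoded chunks" described in the report.
_b64 = base64.b64encode(STAGE).decode()
_size = -(-len(_b64) // 4)
SAMPLE_CHUNKS = [_b64[i:i + _size] for i in range(0, len(_b64), _size)]
SAMPLE_SCRIPT = "\n".join(f"$p{i} = '{c}'" for i, c in enumerate(SAMPLE_CHUNKS))
SAMPLE_SCRIPT += "\n$blob = $p0 + $p1 + $p2 + $p3\n"

# Constructed variant where every chunk was encoded separately (20-byte slices).
PER_CHUNK = [base64.b64encode(STAGE[i:i + 20]).decode() for i in range(0, len(STAGE), 20)]

if __name__ == "__main__":
    payload, hits = scan_text(SAMPLE_SCRIPT)
    print(payload.decode(errors="replace"))
    print("AMSI indicators:", hits)
    print("per-chunk decode matches:", decode_each(PER_CHUNK) == STAGE)
```

Run it directly to see the reassembled stage and the indicators it references. The two decode modes matter in practice: chunks cut from a single base64 string only decode once concatenated, while separately encoded chunks each carry their own padding and must be decoded one at a time, so try both before concluding a sample is not base64.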
When evaluating a Managed Detection & Response (MDR) service there are 5 critical components that