This executable also has an encrypted resource.
The sample is heavily obfuscated to make the analysis more difficult for researchers.
To steal Wi-Fi profile credentials, a new netsh process is created by passing wlan show profile as an argument.
*), on the stdout output of the process, Hossein explains.
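For defenders, the netsh invocation described above is visible in process-creation telemetry. The following detection sketch is an added example, not code from the article or from the researchers; it assumes events shaped like Sysmon Event ID 1 records (Image, CommandLine, ParentImage), and the sample events and the list of interactive parent processes are constructed for illustration.

```python
import re

# Matches "netsh wlan show profile(s)", tolerating a full path, quotes,
# the .exe suffix, mixed case and repeated whitespace.
NETSH_WLAN = re.compile(
    r'(?:^|[\\/"\s])netsh(?:\.exe)?"?\s+wlan\s+show\s+profiles?\b',
    re.IGNORECASE,
)

# Assumption: parents from which an administrator would type the command by hand.
INTERACTIVE_PARENTS = {"cmd.exe", "powershell.exe", "explorer.exe"}


def basename(path):
    """Lower-cased file name of a Windows or POSIX style path."""
    return re.split(r"[\\/]", path.strip('"'))[-1].lower()


def triage(events):
    """Return (index, severity) for every event that enumerates Wi-Fi profiles.

    "high"   : netsh was started by something other than an interactive shell
    "review" : the parent is a shell; a shell can still be launched by malware
    """
    findings = []
    for i, ev in enumerate(events):
        if basename(ev["Image"]) != "netsh.exe":
            continue
        if not NETSH_WLAN.search(ev["CommandLine"]):
            continue
        parent = basename(ev["ParentImage"])
        findings.append((i, "review" if parent in INTERACTIVE_PARENTS else "high"))
    return findings


# Constructed sample events, not taken from any real incident.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": "netsh wlan show profile",
     "ParentImage": r"C:\Users\user\AppData\Local\Temp\invoice.exe"},
    {"Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": '"C:\\Windows\\System32\\netsh.exe"  WLAN  show  profiles',
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": "netsh advfirewall show allprofiles",
     "ParentImage": r"C:\Users\user\AppData\Local\Temp\invoice.exe"},
]

if __name__ == "__main__":
    for index, severity in triage(SAMPLE_EVENTS):
        print(severity, SAMPLE_EVENTS[index]["ParentImage"])
```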
AgentTesla is not the first malware to update to steal Wi-Fi passwords.
Previously, the infamous Emotet malware was used to hack into Wi-Fi networks to infect connected computers.
It is not clear why AgentTesla added the Wi-Fi stealing feature.
Another possibility could be to use the Wi-Fi profile to set the stage for future attacks.
source: www.techworm.net