AgentTesla campaign via a fake RFQ from Thailand. The email attachment contains a zip file with an exe inside: the malware. Stolen data is exfiltered via SMTP to an email

A fake RFQ from Thailand is the bait for a new AgentTesla campaign.

The “REQUEST FOR QUOTE – THAILAND ASIA DELIVERY // SEND US YOUR BEST OFFER” email attachment contains a zip file with an exe inside: the malware. Stolen data is exfiltered via SMTP to an email.

AgentTesla, through the keylogger function, is able to acquire everything that the user types. Also, it can steal emails, browser credentials and screenshots. Lastly, it has the ability to remotely issue commands to the infected PC, such as download additional payloads or update existing ones.