
Cybercrime: AgentTesla now passes through Russian customs

AgentTesla now passes through Russian customs. The .doc attachment contacts a remote link, the Equation Editor vulnerability is exploited, and an EXE file, the malware itself, is downloaded. Stolen data is then exfiltrated over SMTP to an email address.

A new AgentTesla campaign uses Russian customs as bait.

The .doc attachment contacts a remote link, the Equation Editor vulnerability is exploited, and an EXE file, the malware itself, is downloaded. Stolen data is then exfiltrated over SMTP to an email address, the same one used in the recent "Auchan"-themed campaign. The shared exfiltration address ties the two campaigns to the same operator and gives defenders a single indicator to block at the mail gateway.

Through its keylogger function, AgentTesla captures everything the user types. It can also steal email and browser credentials and take screenshots. Finally, the operator can issue commands remotely to the infected PC, such as downloading additional payloads or updating the ones already installed.
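The infection chain above (Office document, Equation Editor exploit, downloaded EXE, SMTP exfiltration) leaves a distinctive trail in endpoint telemetry. The following detection logic is an added example and is not code from the original post or from any vendor; the event schema (`ts`, `host`, `type`, `proc`, `parent`, `dst_port`) and the sample events are constructed for illustration, the list of legitimate mail clients is an assumption about the monitored environment, and `stage2.exe` is a placeholder name for the downloaded payload. The process names `WINWORD.EXE` and `EQNEDT32.EXE` (Microsoft Equation Editor) are real.

```python
"""Detection logic for the AgentTesla infection chain described above.

Added example, not the original post's code. The telemetry schema below is
hypothetical; map it onto your EDR's process-creation and network events.
"""

OFFICE_APPS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE"}
EQUATION_EDITOR = "EQNEDT32.EXE"      # Microsoft Equation Editor binary abused by the exploit
SMTP_PORTS = {25, 465, 587}
# Assumption: only these processes legitimately speak SMTP on monitored hosts.
MAIL_CLIENTS = {"OUTLOOK.EXE", "THUNDERBIRD.EXE"}

# The three stages that, together on one host, reproduce the full chain.
CHAIN_RULES = {
    "office_spawns_equation_editor",
    "equation_editor_spawns_child",
    "non_mail_client_smtp",
}

# Constructed sample telemetry (not real logs). ws01 is infected; ws02 is benign.
SAMPLE_EVENTS = [
    {"ts": 1, "host": "ws01", "type": "proc", "proc": "WINWORD.EXE", "parent": "EXPLORER.EXE"},
    {"ts": 2, "host": "ws01", "type": "proc", "proc": "EQNEDT32.EXE", "parent": "WINWORD.EXE"},
    {"ts": 3, "host": "ws01", "type": "net", "proc": "EQNEDT32.EXE", "dst_port": 80},
    {"ts": 4, "host": "ws01", "type": "proc", "proc": "stage2.exe", "parent": "EQNEDT32.EXE"},
    {"ts": 5, "host": "ws01", "type": "net", "proc": "stage2.exe", "dst_port": 587},
    {"ts": 6, "host": "ws02", "type": "net", "proc": "OUTLOOK.EXE", "dst_port": 587},
    {"ts": 7, "host": "ws02", "type": "proc", "proc": "WINWORD.EXE", "parent": "EXPLORER.EXE"},
]


def detect(events):
    """Return (host, rule, process) alerts in timestamp order.

    Each rule is a single-event match; Equation Editor almost never needs to
    start from Office, reach the network, or spawn children on its own.
    """
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        name = ev["proc"].upper()
        if ev["type"] == "proc":
            parent = ev["parent"].upper()
            if name == EQUATION_EDITOR and parent in OFFICE_APPS:
                alerts.append((ev["host"], "office_spawns_equation_editor", ev["proc"]))
            if parent == EQUATION_EDITOR:
                # The exploit's shellcode running the downloaded EXE.
                alerts.append((ev["host"], "equation_editor_spawns_child", ev["proc"]))
        elif ev["type"] == "net":
            if name == EQUATION_EDITOR:
                # Fetching the payload: Equation Editor has no reason to go online.
                alerts.append((ev["host"], "equation_editor_network", ev["proc"]))
            if ev["dst_port"] in SMTP_PORTS and name not in MAIL_CLIENTS:
                # SMTP exfiltration from something that is not a mail client.
                alerts.append((ev["host"], "non_mail_client_smtp", ev["proc"]))
    return alerts


def chained_hosts(events):
    """Hosts on which every stage of the chain fired; these deserve the highest severity."""
    seen = {}
    for host, rule, _proc in detect(events):
        seen.setdefault(host, set()).add(rule)
    return {host for host, rules in seen.items() if CHAIN_RULES <= rules}


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
    print("full chain on:", chained_hosts(SAMPLE_EVENTS))
```

Each rule is useful on its own (an Office process starting `EQNEDT32.EXE` is rare enough to alert on by itself), but `chained_hosts` is what separates a triage ticket from an incident: the same host showing all three stages is the infection described in the post, not a false positive.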
