
Cybercrime: AgentTesla spreads through a fake product request from Dubai

AgentTesla spreads through a fake product request from Dubai. The “Re: Revised Quotatio” email contains a zip file with an exe inside: the malware. It is not known how the stolen data is exfiltrated.

AgentTesla is hiding in a fake email from a real Dubai company.

The lure is a price request with the document “Product Samples Xls.zip” attached, which contains an exe file: the malware. At the moment, the method used to exfiltrate the stolen data is not clear. Through its keylogger function, AgentTesla can capture everything the user types. It can also steal emails and browser credentials and take screenshots. Finally, it can receive remote commands on the infected PC, such as downloading additional payloads or updating existing ones.
