
Cybercrime, new wave of the AgentTesla campaign on Isbank

New wave of the AgentTesla campaign on Isbank. The message template is identical to the previous one, except for the dates and the name of the attachment: 25_153325_221122_113030.7z. Inside is an exe, the malware, which exfiltrates stolen data via SMTP.

A new wave of the Isbank-themed AgentTesla campaign is under way. A new email is in circulation whose template is identical to the previous one that used the Turkish bank as bait, except for the dates at the beginning of the message body and the attachment.

The new attachment is called “Scan2022-11-25_153325_221122_113030.7z” and contains an exe file: the malware. The stolen data is then exfiltrated via SMTP.

Through its keylogger function, AgentTesla can capture everything the user types. It can also steal emails and browser credentials and take screenshots. Finally, it allows commands to be issued remotely to the infected PC, such as downloading additional payloads or updating existing ones.
