
Cybercrime, Agent Tesla attacks with a new payment-themed campaign

Technical analysis by the Malware Hunter JAMESWT

New payment-themed Agent Tesla campaign. Each of the mail's two compressed attachments contains an exe file. Both start the malware infection and communicate with a single SMTP server.

Agent Tesla hits several countries with a new payment-themed malspam campaign. The mail carries two compressed attachments, which contain two exe files. If opened, either one starts the malware infection, and both communicate with the same SMTP server to exfiltrate the stolen data. The goal of the cybercrime actors behind the campaign is to steal sensitive information from victims. Through its keylogger function the malware captures everything the user types. It can also steal email and browser credentials and take screenshots. Finally, it can execute commands issued remotely on the infected PC, such as downloading additional payloads or updating existing ones.
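As an added defender-side example, not code from the original article or its analyst, the following mail-gateway check flags compressed attachments that carry executables, which is the lure mechanism described above. The sample message, file names and the extension list are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions a mail gateway should treat as executable content (assumed list).
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif", ".com")
ARCHIVE_TYPES = {"application/zip", "application/x-zip-compressed"}


def executables_in_archive(data: bytes) -> list[str]:
    """List executable members of a ZIP held in memory, without extracting anything."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXTENSIONS)]
    except zipfile.BadZipFile:
        return []  # corrupt or non-ZIP data: nothing to report from this check


def scan_message(msg: EmailMessage) -> dict[str, list[str]]:
    """Map each offending attachment name to the executables it carries."""
    findings: dict[str, list[str]] = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        if part.get_content_type() in ARCHIVE_TYPES or name.lower().endswith(".zip"):
            hits = executables_in_archive(payload)
            if hits:
                findings[name] = hits
        elif name.lower().endswith(EXECUTABLE_EXTENSIONS):
            findings[name] = [name]  # bare executable attached directly
    return findings


def scan_raw(raw: bytes) -> dict[str, list[str]]:
    """Entry point for a raw RFC 5322 message as a gateway would receive it."""
    return scan_message(message_from_bytes(raw, policy=policy.default))


def build_sample_message() -> bytes:
    """Constructed lure mimicking the campaign: two ZIPs, each holding one .exe."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["Subject"] = "Payment advice"
    msg.set_content("Please find attached the payment details.")
    for n in (1, 2):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(f"payment_{n}.exe", b"MZ placeholder, not a real binary")
        msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=f"payment_{n}.zip")
    return msg.as_bytes()
```

Running `scan_raw(build_sample_message())` reports both archives with the executable each one hides, which is the condition a gateway rule would quarantine on.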

The email trap

The dialogue with the SMTP server

The malware family attribution
