
Cybercrime, Agent Tesla attacks with couriers’ bait

Technical analysis by the Malware Hunter JAMESWT

The courier-themed Agent Tesla campaign is back. The bait is a fake DHL shipment notice. If the attachment is opened, it contacts a link from which the malware is downloaded, and the stolen data is exfiltrated via SMTP.

Agent Tesla returns to its global campaign with a courier-themed trap. The bait is the alleged receipt of a shipment from DHL, attached to the email. It is a .doc file which, if opened, contacts a link from which the malware is downloaded. The criminals' goal is to use it to steal sensitive data from victims, which is then exfiltrated via SMTP. Agent Tesla, in fact, through its keylogger function, is able to capture everything the user types. It can also steal emails and browser credentials and take screenshots. Finally, it can execute commands issued remotely on the infected PC, such as downloading additional payloads or updating existing ones.

The fake DHL mail

The communication via SMTP
