Objective: to counter the growing spread of fake news and disinformation against Paris and its Armed Forces. Parly: “We want to win the war before the war.”
Technical analysis by the Malware Hunter JAMESWT
Agent Tesla delivered to Italy via a fake order. The email's .gz attachment contains an .exe: the malware itself. Stolen data is exfiltrated via FTP.
Agent Tesla is now being sent to Italy via an email about a fake order.
The .gz attachment contains an executable file: the malware itself.
If opened, it triggers the infection chain. Once inside the victim's computer, it steals information and exfiltrates it via FTP.
Agent Tesla, in fact, through its keylogger function, is able to capture everything the user types. It can also steal email and browser credentials and take screenshots. Finally, it can execute commands remotely on the infected PC, such as downloading additional payloads or updating existing ones.
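The FTP exfiltration described above gives defenders a concrete hunting signal. The following detection is an added example, not part of JAMESWT's analysis: it runs over constructed Sysmon-style network-connection events (a hypothetical `time|image|dest ip|dest port` layout) and flags outbound FTP control-channel connections from processes that are not known FTP clients, weighting the alert when the binary runs from a user temp or download directory, as a dropped attachment would. The allowlist and directory patterns are assumptions to tune per environment.

```python
import re
from dataclasses import dataclass

# Constructed sample events (hypothetical layout: time|process image|dest ip|dest port).
# Not real telemetry; the second line models the dropped attachment reaching out over FTP.
SAMPLE_EVENTS = """\
2024-01-10T09:01:12|C:\\Program Files\\FileZilla FTP Client\\filezilla.exe|203.0.113.5|21
2024-01-10T09:03:44|C:\\Users\\mario\\AppData\\Local\\Temp\\order_confirmation.exe|198.51.100.23|21
2024-01-10T09:03:45|C:\\Windows\\System32\\svchost.exe|10.0.0.2|443
2024-01-10T09:05:02|C:\\Users\\mario\\Downloads\\invoice.exe|198.51.100.23|587
"""

# Processes legitimately expected to speak FTP (assumed allowlist; tune per environment).
KNOWN_FTP_CLIENTS = {"filezilla.exe", "winscp.exe", "ftp.exe"}

# Directories where an executable extracted from a mail attachment typically lands.
SUSPICIOUS_DIRS = re.compile(r"\\(AppData\\Local\\Temp|Downloads)\\", re.IGNORECASE)


@dataclass
class Alert:
    time: str
    image: str
    dest: str
    reason: str


def parse_event(line: str):
    """Split one pipe-delimited event into (time, image path, ip, port)."""
    time, image, ip, port = line.split("|")
    return time, image, ip, int(port)


def detect_ftp_exfil(events: str):
    """Return alerts for FTP control-channel (port 21) connections from unexpected processes.

    Caveat: passive-mode FTP data transfers use high ports, so this catches the
    control session, not the data channel; pair it with proxy/NetFlow review.
    """
    alerts = []
    for line in events.splitlines():
        if not line.strip():
            continue
        time, image, ip, port = parse_event(line)
        if port != 21:
            continue
        exe = image.rsplit("\\", 1)[-1].lower()
        if exe in KNOWN_FTP_CLIENTS:
            continue
        reason = "FTP connection from non-FTP-client process"
        if SUSPICIOUS_DIRS.search(image):
            reason += " running from user temp/download directory"
        alerts.append(Alert(time, image, f"{ip}:{port}", reason))
    return alerts
```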