
Cybercrime, Agent Tesla conveyed via fake beneficiary certificate

Technical analysis by the Malware Hunter JAMESWT

Agent Tesla is conveyed via a fake beneficiary certificate. The email's .ace attachment contains an .exe: the malware itself. The stolen data is exfiltrated via SMTP. This is the continuation of the campaign of 13 July.

A new Agent Tesla campaign uses a beneficiary certificate as bait. The email's .ace attachment is supposedly a form to be filled out.

In reality, it is an executable file: the malware itself. If opened, it triggers the infection. Once on the computer, it steals information and exfiltrates it via SMTP.

Agent Tesla, through its keylogger function, captures everything the user types. It can also steal browser and email credentials and take screenshots. Finally, it can execute commands remotely on the infected PC, such as downloading additional payloads or updating existing ones. The campaign is the continuation of the one circulated on July 13, with two different emails. The baits and files change, but the credentials and SMTP hosts are the same.
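The lure described above relies on an .ace archive that actually carries an executable. The following is an added example, not code from the original article or from JAMESWT, showing how a mail gateway could triage attachments of this kind: it flags archive and executable extensions, and also inspects the first bytes so that an ACE archive (literal `**ACE**` at byte offset 7 of its main header) or a Windows PE file (`MZ` signature) is caught even when renamed to look like a document. The sample message, addresses and file names are constructed for the example.

```python
import email
from email import policy
from email.message import EmailMessage

# ACE archives carry the literal "**ACE**" at byte offset 7 of the main header.
ACE_MAGIC_OFFSET = 7
ACE_MAGIC = b"**ACE**"
# Windows PE executables start with the DOS stub signature "MZ".
PE_MAGIC = b"MZ"
# Extensions that should never arrive unsolicited as a "form to fill in".
SUSPICIOUS_EXTENSIONS = {".ace", ".exe", ".scr", ".com", ".pif"}


def classify_attachment(filename, payload):
    """Return the list of reasons this attachment deserves quarantine (empty if none)."""
    reasons = []
    name = (filename or "").lower()
    ext = name[name.rfind("."):] if "." in name else ""
    if ext in SUSPICIOUS_EXTENSIONS:
        reasons.append(f"extension {ext}")
    # Content checks are independent of the name, so a renamed file is still caught.
    if payload[ACE_MAGIC_OFFSET:ACE_MAGIC_OFFSET + len(ACE_MAGIC)] == ACE_MAGIC:
        reasons.append("ACE archive header")
    if payload[:2] == PE_MAGIC:
        reasons.append("PE executable header")
    return reasons


def triage_message(raw):
    """Parse a raw RFC 822 message and map each suspicious attachment to its reasons."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        reasons = classify_attachment(part.get_filename(), payload)
        if reasons:
            findings[part.get_filename()] = reasons
    return findings


def build_sample():
    """Constructed message mimicking the lure: a .ace attachment plus a PE hiding under a .pdf name."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"      # constructed address
    msg["To"] = "recipient@example.invalid"     # constructed address
    msg["Subject"] = "Beneficiary certificate"
    msg.set_content("Please fill in the attached certificate.")
    # Minimal bytes with the ACE magic at offset 7; not a real archive.
    ace_bytes = b"\x00" * ACE_MAGIC_OFFSET + ACE_MAGIC + b"\x00" * 16
    msg.add_attachment(ace_bytes, maintype="application", subtype="octet-stream",
                       filename="beneficiary_certificate.ace")
    # Minimal bytes with the PE magic; a benign-looking name does not hide it.
    exe_bytes = PE_MAGIC + b"\x90" * 30
    msg.add_attachment(exe_bytes, maintype="application", subtype="octet-stream",
                       filename="certificate_form.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in triage_message(build_sample()).items():
        print(f"{name}: {', '.join(reasons)}")
```

The extension list blocks the obvious case; the header checks are what matter against a sender who renames the executable, which is why the renamed PE in the sample is still reported.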
