In 3 days, as many emails arrived. The text is always the same; only the name of the attachment changes. A rar with an exe inside: the malware.
Technical analysis by the Malware Hunter JAMESWT
Agent Tesla is delivered through a fake order from a Turkish company. The email's gz attachment contains an executable: the malware itself. If opened, it starts the infection. The stolen data is then exfiltrated via FTP.
A fake order from a Turkish company carries the latest Agent Tesla global campaign.
The email's gz attachment contains an exe: the malware itself. If opened, it starts the infection chain. Once inside the victim's computer, it steals information and exfiltrates it via FTP.
Agent Tesla, in fact, through its keylogger function, is able to capture everything the user types. Furthermore, it can steal credentials stored by browsers and email clients and take screenshots. Finally, it can execute commands issued remotely on the infected PC, such as downloading additional payloads or updating existing ones.
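The delivery chain described above (an archive attachment whose single member is a Windows executable) is something a mail gateway or triage script can flag before the user ever opens it. The following is an added example, not code from JAMESWT's analysis or from the campaign itself: it unpacks gz and zip attachments in memory, checks each member for an executable extension and for a PE (MZ/PE) header, and reports a mismatch when a PE file hides behind a non-executable name. The attachment names and the minimal PE-shaped blob are constructed for the demo; rar is not handled because the Python standard library cannot read it, so a rar attachment is reported as unscanned rather than silently passed.

```python
import gzip
import io
import os
import zipfile
from typing import Dict, List, Set, Tuple

# Extensions Windows will execute directly when double-clicked from an archive.
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
MAX_MEMBER_SIZE = 50 * 1024 * 1024  # refuse to inflate anything larger (zip-bomb guard)


def looks_like_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' stub whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_off = int.from_bytes(data[0x3C:0x40], "little")
    return len(data) >= pe_off + 4 and data[pe_off:pe_off + 4] == b"PE\x00\x00"


def _members(filename: str, data: bytes) -> Tuple[List[Tuple[str, bytes]], List[str]]:
    """Expand a gz or zip attachment into (member_name, bytes) pairs; other files are returned as-is."""
    name = filename.lower()
    findings: List[str] = []
    if name.endswith(".gz"):
        try:
            return [(name[:-3], gzip.decompress(data))], findings  # gz has a single, unnamed member
        except (OSError, EOFError) as exc:
            return [], [f"{filename}: undecodable gzip stream ({exc})"]
    if name.endswith(".zip"):
        members = []
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.file_size > MAX_MEMBER_SIZE:
                        findings.append(f"{filename}: member {info.filename!r} too large to inflate")
                        continue
                    members.append((info.filename.lower(), zf.read(info)))
        except zipfile.BadZipFile as exc:
            return [], [f"{filename}: undecodable zip ({exc})"]
        return members, findings
    if name.endswith(".rar"):
        return [], [f"{filename}: rar archive not scanned (no stdlib reader); quarantine for manual review"]
    return [(name, data)], findings


def inspect_attachment(filename: str, data: bytes) -> List[str]:
    """Return a list of human-readable findings; an empty list means nothing suspicious was seen."""
    members, findings = _members(filename, data)
    for mname, mdata in members:
        ext = os.path.splitext(mname)[1]
        is_pe = looks_like_pe(mdata)
        if ext in EXEC_EXTENSIONS:
            findings.append(f"{filename}: member {mname!r} has executable extension {ext}")
        if is_pe:
            findings.append(f"{filename}: member {mname!r} is a PE executable (MZ/PE header)")
            if ext not in EXEC_EXTENSIONS:
                findings.append(f"{filename}: PE content behind non-executable name {mname!r}")
    return findings


def flagged_attachments(attachments: Dict[str, bytes]) -> Set[str]:
    """Names of every attachment that produced at least one finding."""
    return {name for name, blob in attachments.items() if inspect_attachment(name, blob)}


def make_fake_pe() -> bytes:
    """Constructed minimal PE-shaped blob: 'MZ' stub, e_lfanew = 0x40, then 'PE\\0\\0'. Not a real binary."""
    hdr = bytearray(0x44)
    hdr[0:2] = b"MZ"
    hdr[0x3C:0x40] = (0x40).to_bytes(4, "little")
    hdr[0x40:0x44] = b"PE\x00\x00"
    return bytes(hdr) + b"\x00" * 64


def _zip_with(member_name: str, payload: bytes) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


# Constructed sample attachments mimicking the campaign's lure (names are made up for the demo).
SAMPLE_ATTACHMENTS: Dict[str, bytes] = {
    "Order_TR2021.exe.gz": gzip.compress(make_fake_pe()),         # exe inside gz: the case in the article
    "Siparis.zip": _zip_with("siparis.pdf", make_fake_pe()),      # PE hiding behind a .pdf name
    "invoice.pdf.gz": gzip.compress(b"%PDF-1.4\n%benign sample\n"),
    "quote.rar": b"Rar!\x1a\x07\x00constructed-not-a-real-archive",
}

if __name__ == "__main__":
    for name, blob in SAMPLE_ATTACHMENTS.items():
        for finding in inspect_attachment(name, blob) or [f"{name}: clean"]:
            print(finding)
```

In production the same check belongs in the gateway's attachment pipeline, and the PE test should be applied to every member regardless of extension, since the mismatch case is exactly how a "document" turns into an executable once extracted.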