Files packaged with Excel-DNA, from which a DLL containing two URLs pointing to Discord is extracted. The files served by those URLs are downloaded and XOR-decoded into additional DLLs, which start the malware infection.
Technical analysis by malware hunter JAMESWT
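The data files described above are only useful to the loader after the XOR step, which is also what makes them easy to triage: a PE file has a fixed "MZ" header, a "PE\0\0" signature at the offset stored at 0x3C, and long runs of zero bytes, and zero bytes XORed with a repeating key leak the key itself. The following is an added example (not code from the campaign or from JAMESWT's analysis) that recovers a single-byte or short repeating XOR key from such a blob and validates the result as a PE. It assumes the encoding is a plain repeating-key XOR with a key of at most 16 bytes; the key bytes and the PE skeleton in `build_fake_pe()` are constructed stand-ins for illustration, not samples from the campaign.

```python
import struct
from collections import Counter


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encodes and decodes."""
    klen = len(key)
    return bytes(b ^ key[i % klen] for i, b in enumerate(data))


def looks_like_pe(data: bytes) -> bool:
    """Cheap PE validation: MZ header plus PE\\0\\0 at e_lfanew (offset 0x3C)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def guess_key(blob: bytes, max_len: int = 16):
    """Recover a repeating XOR key of length 1..max_len from an encoded PE.

    For each candidate length k, the most frequent byte at positions
    i, i+k, i+2k, ... is assumed to be key[i] XOR 0x00, because PE files
    are dominated by zero padding. Each candidate is verified with a
    PE header check, so wrong lengths are rejected rather than guessed.
    Returns (key, decoded) or (None, None) if nothing validates.
    """
    for k in range(1, min(max_len, len(blob)) + 1):
        key = bytes(Counter(blob[i::k]).most_common(1)[0][0] for i in range(k))
        plain = xor_bytes(blob, key)
        if looks_like_pe(plain):
            return key, plain
    return None, None


def build_fake_pe() -> bytes:
    """Constructed stand-in for a dropped DLL: valid MZ/PE skeleton, a DOS
    stub string, some high-entropy bytes and zero padding. Not a real sample."""
    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)          # e_lfanew -> PE header at 0x80
    hdr[0x80:0x84] = b"PE\x00\x00"
    struct.pack_into("<H", hdr, 0x84, 0x014C)        # Machine = IMAGE_FILE_MACHINE_I386
    body = (b"This program cannot be run in DOS mode.\r\n"
            + bytes(range(256))                        # stand-in for code bytes
            + bytes(0x400))                            # zero padding typical of a PE
    return bytes(hdr) + body


if __name__ == "__main__":
    # Constructed key; a real sample would be the downloaded data file.
    encoded = xor_bytes(build_fake_pe(), b"\x5a\xa3\x17")
    key, plain = guess_key(encoded)
    print("recovered key:", key.hex() if key else None,
          "| valid PE:", plain is not None and looks_like_pe(plain))
```

Run it against the downloaded data file instead of `build_fake_pe()` to get the decoded DLL for further analysis. If `guess_key` returns `None`, the assumption does not hold (longer key, non-repeating key, or an additional transform before the XOR) and the loader DLL itself must be read for the real routine.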
Agent Tesla arrives via a shipping advice. The email's zip attachment contains an exe: the malware itself. It exfiltrates the stolen data via SMTP.
A notice for a two-pallet shipment hides the latest global cybercrime campaign delivering Agent Tesla.
The email's zip attachment contains an exe file: the malware itself. If opened, it starts the infection chain. Once on the computer, it steals information and exfiltrates it via SMTP.
Through its keylogger function, Agent Tesla captures everything the user types. It can also steal email and browser credentials and take screenshots. Finally, it can receive remote commands on the infected PC, such as downloading additional payloads or updating existing ones.