Cybercrime, Agent Tesla hidden in a fake payment invoice

Technical analysis by the Malware Hunter JAMESWT

The email carries an exe and a zip containing the same executable; both are the malware, and the stolen data is exfiltrated via SMTP.

A payment invoice hides Agent Tesla’s latest global campaign.

The email contains two attachments: an exe and a zip holding the same executable; both are the malware. Opening the exe starts the infection chain. Once on the victim’s computer, the malware steals information and exfiltrates it via SMTP.

Through its keylogger function, Agent Tesla captures everything the user types. It can also steal email and browser credentials and take screenshots. Finally, it can receive commands remotely on the infected PC, such as downloading additional payloads or updating existing ones.
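The delivery pattern described above (a bare executable plus a zip holding the same executable, attached to a "payment invoice" lure) is easy to check for at the mail gateway. The following is an added example written for this page, not code from JAMESWT's analysis or from the campaign itself: it builds a constructed .eml that mimics that layout (the "executable" is a placeholder byte string starting with the PE `MZ` header, not a real binary), then parses the message, hashes every directly attached PE file and every PE file found inside attached zips, and reports when the same binary appears both ways. Sender and recipient addresses are placeholders.

```python
import email
import hashlib
import io
import zipfile
from email.message import EmailMessage
from email.policy import default

# Constructed placeholder "executable": it carries the MZ header that Windows
# PE files start with, but is otherwise inert bytes, not a real program.
FAKE_EXE = b"MZ" + b"\x00" * 62 + b"constructed-sample-not-a-real-binary"


def build_sample_eml() -> bytes:
    """Construct an .eml shaped like the lure described in the article:
    a 'payment invoice' message with invoice.exe and invoice.zip (which
    holds the same invoice.exe) attached. All values are constructed."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"  # placeholder sender
    msg["To"] = "victim@example.invalid"      # placeholder recipient
    msg["Subject"] = "Payment invoice"
    msg.set_content("Please find attached the payment invoice.")
    msg.add_attachment(FAKE_EXE, maintype="application",
                       subtype="octet-stream", filename="invoice.exe")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice.exe", FAKE_EXE)
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return bytes(msg)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def is_pe(data: bytes) -> bool:
    # PE executables begin with the 'MZ' DOS header; this is a cheap
    # content check that does not trust the attachment's file name.
    return data[:2] == b"MZ"


def analyze_eml(raw: bytes) -> dict:
    """Return every PE attached directly or inside a zip, keyed by SHA-256,
    plus the hashes that occur both ways (the double-packaging pattern)."""
    msg = email.message_from_bytes(raw, policy=default)
    direct = {}   # sha256 -> attachment name
    zipped = {}   # sha256 -> "zipname:member"
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True)
        if not data:
            continue
        name = part.get_filename() or "<unnamed>"
        if is_pe(data):
            direct[sha256(data)] = name
        elif data[:2] == b"PK":  # zip local-file header signature
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for info in zf.infolist():
                        member = zf.read(info)
                        if is_pe(member):
                            zipped[sha256(member)] = f"{name}:{info.filename}"
            except zipfile.BadZipFile:
                continue  # corrupt archive: nothing to inspect
    same_twice = sorted(set(direct) & set(zipped))
    findings = []
    for h, n in direct.items():
        findings.append(f"PE attached directly: {n} ({h[:12]})")
    for h, n in zipped.items():
        findings.append(f"PE inside archive: {n} ({h[:12]})")
    for h in same_twice:
        findings.append(f"same binary attached bare and zipped: "
                        f"{direct[h]} == {zipped[h]} ({h[:12]})")
    return {
        "direct_executables": direct,
        "zipped_executables": zipped,
        "same_binary_twice": same_twice,
        "findings": findings,
        "suspicious": bool(direct or zipped),
    }


if __name__ == "__main__":
    for line in analyze_eml(build_sample_eml())["findings"]:
        print(line)
```

Matching on content (the `MZ` header) rather than the `.exe` suffix matters here because renamed attachments are common; the hash overlap between the bare file and the zipped copy is the distinctive signal this campaign gives a gateway, independent of any signature for Agent Tesla itself.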
