The fake PDF attached to the "PURCHASE ORDER 05-30-2023" email contains a link that downloads a tgz file holding a TAR archive, inside which there is an exe: the malware.
Cybercrime, Agent Tesla is now spreading in Italy via a curriculum vitae
Technical analysis by the Malware Hunter JAMESWT
Agent Tesla is now being sent to Italy disguised as a curriculum vitae. The fake email comes from an alleged “professional technical employee” and carries an .ace attachment. Inside there is an executable with the malware. The data is exfiltrated via email.
Agent Tesla is now hiding behind an alleged “professional technical employee”. The latest cybercrime campaign to distribute the malware in Italy uses an email with an attached curriculum vitae in .ace format, which contains the malware executable. The cyber criminals' goal is to use it to steal sensitive data from victims, which is then exfiltrated via email to a fixed address. Through its keylogger function, Agent Tesla can capture everything the user types. It can also steal email and browser credentials, and take screenshots. Finally, it can be used to remotely issue commands on the infected PC, such as downloading additional payloads or updating those present.
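A mail-gateway style check for the delivery method described above, as an added example that is not part of the original analysis: it flags attachments that are ACE archives by file extension or by content, so a renamed archive is still caught. The sample message, addresses and file names are constructed, and the check assumes the standard ACE signature `**ACE**` at byte offset 7.

```python
import email
from email import policy
from email.message import EmailMessage

ACE_MAGIC = b"**ACE**"  # assumption: ACE header signature, found at byte offset 7


def build_sample() -> bytes:
    """Constructed sample: a 'CV' email with ACE-like attachments (header stubs only)."""
    msg = EmailMessage()
    msg["From"] = "applicant@example.com"   # placeholder address
    msg["To"] = "hr@example.com"            # placeholder address
    msg["Subject"] = "Curriculum vitae"
    msg.set_content("Please find my CV attached.")
    ace_stub = b"\x00" * 7 + ACE_MAGIC + b"\x00" * 32  # not a real archive
    msg.add_attachment(ace_stub, maintype="application",
                       subtype="octet-stream", filename="CV.ace")
    # Same content under a harmless-looking name: only the magic check sees it.
    msg.add_attachment(ace_stub, maintype="application",
                       subtype="pdf", filename="CV.pdf")
    msg.add_attachment(b"%PDF-1.4\n", maintype="application",
                       subtype="pdf", filename="notes.pdf")
    return msg.as_bytes()


def flag_ace_attachments(raw: bytes):
    """Return [(filename, [reasons])] for attachments that look like ACE archives."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""  # base64/QP decoded bytes
        reasons = []
        if name.lower().endswith(".ace"):
            reasons.append("extension")
        if data[7:14] == ACE_MAGIC:
            reasons.append("magic")
        if reasons:
            hits.append((name, reasons))
    return hits


if __name__ == "__main__":
    for name, reasons in flag_ace_attachments(build_sample()):
        print(f"quarantine {name}: matched on {', '.join(reasons)}")
```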