It asks the recipient to open a link to review an agreement. The link lands on a website that mimics the victim's organization's homepage, where the user only has to type their password.
Technical analysis by the Malware Hunter JAMESWT
Agent Tesla purchase order themed campaign from Dubai. The r0 email attachment contains an exe file: the malware itself. Stolen data is exfiltrated via SMTP.
A fake purchase order from Dubai conveys the latest Agent Tesla global campaign.
The r0 email attachment contains an exe file: the malware itself. If opened, it triggers the infection. Once inside the computer, it steals information and exfiltrates it via SMTP.
Agent Tesla, in fact, through its keylogger function, is able to capture everything the user types. Furthermore, it can steal browser and email credentials and take screenshots. Finally, it can execute commands issued remotely on the infected PC, such as downloading additional payloads or updating existing ones.
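The SMTP exfiltration described above is a useful detection hook: a legitimate workstation rarely has anything other than a mail client opening outbound connections to mail submission ports. The following Python snippet is an added example, not code from the original report or from the analyst cited; it runs over a handful of constructed process-network-connection log lines (the flattened `host= image= dport= dst=` format, the allowlist of mail clients and the file names such as `PO-Dubai-2024.exe` are all assumptions made for this example) and flags any non-mail-client process talking SMTP, noting whether the binary lives in a user-writable directory as an attachment dropped by a phishing email would.

```python
import re
from collections import Counter

# Constructed sample events (not from the original page). The flattened
# "ts host= image= dport= dst=" layout is an assumption for this example;
# adapt LINE_RE to your EDR/Sysmon export.
SAMPLE_EVENTS = [
    "2024-05-01T09:12:03Z host=WS01 image=C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE dport=587 dst=smtp.office365.com",
    "2024-05-01T09:14:41Z host=WS01 image=C:\\Users\\alice\\AppData\\Roaming\\PO-Dubai-2024.exe dport=587 dst=mail.example-free-host.test",
    "2024-05-01T09:14:42Z host=WS01 image=C:\\Users\\alice\\AppData\\Roaming\\PO-Dubai-2024.exe dport=587 dst=mail.example-free-host.test",
    "2024-05-01T09:15:10Z host=WS02 image=C:\\Windows\\System32\\svchost.exe dport=443 dst=update.microsoft.com",
    "2024-05-01T09:16:55Z host=WS02 image=C:\\Users\\bob\\Downloads\\invoice.exe dport=25 dst=203.0.113.45",
]

# Mail submission/relay ports an infostealer typically uses for SMTP exfiltration.
SMTP_PORTS = {25, 465, 587}

# Assumption: site-specific allowlist of binaries expected to speak SMTP.
ALLOWED_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Paths a phished user can write to without admin rights (where attachments land).
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\(appdata|downloads|desktop)\\", re.IGNORECASE)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) image=(?P<image>.+?) dport=(?P<dport>\d+) dst=(?P<dst>\S+)$"
)


def parse_event(line):
    """Parse one flattened connection event; return None on malformed input."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["dport"] = int(ev["dport"])
    return ev


def is_suspicious_smtp(ev):
    """True when a process outside the mail-client allowlist uses an SMTP port."""
    if ev["dport"] not in SMTP_PORTS:
        return False
    exe = ev["image"].rsplit("\\", 1)[-1].lower()
    return exe not in ALLOWED_MAIL_CLIENTS


def find_smtp_exfil(lines):
    """Return the events worth alerting on, annotated with the path heuristic."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None or not is_suspicious_smtp(ev):
            continue
        ev["from_user_writable_path"] = bool(USER_WRITABLE.search(ev["image"]))
        alerts.append(ev)
    return alerts


def summarize(alerts):
    """Collapse repeated beacons into (host, executable, destination) counts."""
    return Counter(
        (a["host"], a["image"].rsplit("\\", 1)[-1].lower(), a["dst"]) for a in alerts
    )


if __name__ == "__main__":
    hits = find_smtp_exfil(SAMPLE_EVENTS)
    for (host, exe, dst), n in summarize(hits).items():
        print(f"{host}: {exe} -> {dst} on SMTP port, {n} connection(s)")
```

The allowlist is deliberately strict: a process that is not a mail client has no business submitting mail from an endpoint, so the rule errs toward alerting and lets the analyst add exceptions per site. Pairing the port check with the user-writable-path heuristic separates the "attachment double-clicked from AppData" case from the occasional legitimate tool.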