The xz attachment of a fake bank email contains an exe file: the malware.
AgentTesla again through real companies in Turkey. The .bz attachment of the email about a purchase order contains the exe: the malware. Stolen data is exfiltrated via Telegram API
Turkey is still at the center of a new AgentTesla campaign with a purchase order theme.
The .bz attachment “2022-1255719 FİYAT TALEBİ_İRSALİYE TALEBİ scan00100_PDF” of a fake email from a real local company contains an exe file: the malware. Stolen data is exfiltrated via Telegram API.
The campaign follows recent ones that used the same payload, associated with emails from real Turkish companies, to attack targets in different countries. AgentTesla, through the keylogger function, is able to acquire everything the user types. Also, it can steal emails and browser credentials and take screenshots. Finally, it has the ability to remotely issue commands to the infected PC, such as downloading additional payloads or updating existing ones.