
Cybercrime, AgentTesla campaign via DHL shipping

Technical analysis by the Malware Hunter JAMESWT

AgentTesla campaign via DHL shipping. The .gz attachment contains an .exe file: the malware itself. Stolen data is exfiltrated via SMTP from a compromised account to a Gmail recipient.

A fake DHL email about the shipment of documents delivers the latest AgentTesla campaign.


Agent Tesla, through its keylogger function, is able to capture everything the user types. It can also steal stored email and browser credentials and take screenshots. Finally, it can receive remote commands on the infected PC, such as downloading additional payloads or updating existing ones.
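A defender-side check for the lure attachment described above, added here as an example and not part of JAMESWT's analysis: it inflates a .gz attachment under a size bound (so a decompression bomb cannot exhaust memory) and flags it when the decompressed payload is a Windows PE image rather than the document the email claims. The filenames and sample bytes are constructed, not taken from the campaign.

```python
import gzip
import io
import struct
from typing import Optional

# Upper bound on bytes inflated from one attachment; inflating untrusted
# gzip without a limit invites a decompression bomb.
MAX_INFLATED = 32 * 1024 * 1024

PE_SIGNATURE = b"PE\0\0"


def inflate_bounded(data: bytes, limit: int = MAX_INFLATED) -> Optional[bytes]:
    """Inflate a gzip blob, giving up once more than `limit` bytes come out."""
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
            out = gz.read(limit + 1)
    except (OSError, EOFError):
        return None  # not a gzip stream, or truncated/corrupt
    if len(out) > limit:
        return None  # oversize: treat as suspicious, never as clean
    return out


def is_pe_image(blob: bytes) -> bool:
    """True if blob has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    return blob[e_lfanew:e_lfanew + 4] == PE_SIGNATURE


def gz_attachment_hides_exe(filename: str, data: bytes) -> bool:
    """Flag a .gz attachment whose inflated payload is a Windows executable."""
    if not filename.lower().endswith(".gz"):
        return False
    inner = inflate_bounded(data)
    return inner is not None and is_pe_image(inner)


# Constructed sample: a minimal fake PE image (MZ stub, PE signature at 0x80),
# gzipped the way the lure attachment is. Not a real malware sample.
_fake_pe = bytearray(b"MZ" + b"\0" * 0x7E)
struct.pack_into("<I", _fake_pe, 0x3C, 0x80)
_fake_pe += PE_SIGNATURE + b"\0" * 20
SAMPLE_GZ_ATTACHMENT = gzip.compress(bytes(_fake_pe))
SAMPLE_GZ_TEXT = gzip.compress(b"just a plain text shipping note\n")
```

The same check can run in a mail gateway hook or over an mbox export, where an executable inside a "document" archive is a strong signal on its own.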
