A zip attachment contains an img with an exe: the malware. The other is a pdf that downloads a zip with an exe: the same malware. The data is exfiltrated via SMTP.
Cybercrime, AgentTesla campaign via Guloader with a payment theme

Malware Hunter JAMESWT technical analysis
Payment-themed AgentTesla campaign via Guloader. The gz attachment contains a VBS which contacts two URLs of the same domain and downloads other scripts, executing the final malware. Data is exfiltrated via the Telegram API.
New AgentTesla campaign via Guloader with a payment theme.
The gz attachment of an email contains a VBS which contacts two URLs of the same domain and downloads other scripts, which then execute the final malware. The stolen data is then exfiltrated via a Telegram API bot.
AgentTesla, through its keylogger function, is able to acquire everything the user types. It can also steal emails and browser credentials and take screenshots. Finally, it has the ability to remotely issue commands to the infected PC, such as downloading additional payloads or updating existing ones.
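The chain described above (a VBS contacting two URLs of the same domain, then exfiltration through the Telegram API) can be hunted for by correlating process-attributed web requests per host. The following is an added example, not code from the original article or from the analyst it cites; the event format, host names, process names, staging domain and the 30-minute window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # Windows script hosts that run .vbs
TELEGRAM_API = "api.telegram.org"              # Telegram Bot API endpoint
WINDOW = timedelta(minutes=30)                 # assumed correlation window

# Constructed sample events (timestamp, host, process, url); not real telemetry.
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:05", "PC-01", "wscript.exe", "http://files.example.test/a.txt"),
    ("2024-01-10T09:00:09", "PC-01", "wscript.exe", "http://files.example.test/b.txt"),
    ("2024-01-10T09:03:40", "PC-01", "payload.exe",
     "https://api.telegram.org/botPLACEHOLDER/sendDocument"),
    ("2024-01-10T09:10:00", "PC-02", "wscript.exe", "http://intranet.example.test/x.vbs"),
    ("2024-01-10T09:12:00", "PC-03", "chrome.exe",
     "https://api.telegram.org/botPLACEHOLDER/getMe"),
]

def find_chain(events, window=WINDOW):
    """Flag hosts where a script host fetched 2+ distinct URLs from one domain
    and another process then called the Telegram Bot API within `window`."""
    staged = defaultdict(lambda: defaultdict(dict))  # host -> domain -> {url: first seen}
    alerts = []
    for ts, host, proc, url in sorted(events):       # ISO timestamps sort chronologically
        when = datetime.fromisoformat(ts)
        parts = urlsplit(url)
        domain = (parts.hostname or "").lower()
        proc = proc.lower()
        if proc in SCRIPT_HOSTS:
            staged[host][domain].setdefault(url, when)
        elif domain == TELEGRAM_API and parts.path.startswith("/bot"):
            for dom, urls in staged[host].items():
                recent = [u for u, t in urls.items() if when - t <= window]
                if len(recent) >= 2:
                    alerts.append({"host": host, "staging_domain": dom,
                                   "exfil_process": proc, "time": ts})
    return alerts

if __name__ == "__main__":
    for alert in find_chain(SAMPLE_EVENTS):
        print(alert)
```

A single script-host download (PC-02) or a browser talking to Telegram with no prior staging (PC-03) does not alert; only the combined sequence on one host does.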