Cybercrime, AgentTesla conveyed by a false invoice with sender in Rome

Technical analysis by the Malware Hunter JAMESWT

AgentTesla is conveyed by a false invoice with a sender in Rome. The zip attachment of the message, which has also arrived in Italy, contains an exe: the malware itself. Stolen data is exfiltrated via SMTP.

AgentTesla is now conveyed by a fake email from a Canadian company, which has also arrived in Italy; the text of the message, however, gives a Rome address.

The zip attachment contains an executable file: the malware itself. If opened, it triggers the infection. Once installed on the victim's computer, the stolen data is exfiltrated by the cybercrime actors via SMTP.

Agent Tesla, in fact, through its keylogger function, is able to acquire everything the user types. Furthermore, it can steal emails and browser credentials and take screenshots. Finally, it has the ability to remotely issue commands on the infected PC, such as downloading additional payloads or updating existing ones.
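The delivery pattern described above (a zip attachment carrying the executable) is one a mail gateway can flag before the file reaches a user. The following is an added example, not code from the article or from JAMESWT's analysis: it opens a zip attachment in memory and reports members that are Windows executables, judged by both extension and the PE "MZ" header so that a renamed exe is still caught. The archive it inspects is constructed inline with fake "MZ" headers (not a real program); the file names `invoice.exe` and `invoice.pdf` are made up for the example.

```python
"""Added example (not from the article): flag mail attachments that are zip
archives carrying Windows executables, the delivery pattern the article
describes. The sample archive is constructed inline; no real malware involved."""
import io
import os.path
import zipfile

# File types Windows will run directly when double-clicked.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".cpl", ".dll"}
PE_MAGIC = b"MZ"  # DOS/PE header found at offset 0 of every Windows executable


def inspect_zip_attachment(data: bytes) -> list:
    """Return one finding per archive member that looks like a Windows executable.

    A member is flagged when its extension is executable OR its first two bytes
    are the PE magic, so renaming 'invoice.exe' to 'invoice.pdf' does not evade
    the check. Encrypted members cannot be read, so they are reported as such.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = os.path.splitext(name)[1].lower()
            encrypted = bool(info.flag_bits & 0x1)  # bit 0 = traditional encryption
            head = b""
            if not encrypted:
                with zf.open(info) as fh:
                    head = fh.read(2)
            reasons = []
            if ext in EXECUTABLE_EXTENSIONS:
                reasons.append(f"executable extension {ext}")
            if head == PE_MAGIC:
                reasons.append("PE header (MZ) at offset 0")
            if encrypted:
                reasons.append("encrypted member, content not inspectable")
            if reasons:
                findings.append(
                    {"member": name, "size": info.file_size, "reasons": reasons}
                )
    return findings


def build_sample_zip() -> bytes:
    """Constructed test archive: a harmless text file plus two fake 'executables'
    (an MZ header followed by zero filler, not a runnable program)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("README.txt", "plain text, should not be flagged")
        zf.writestr("invoice.exe", b"MZ" + b"\x00" * 62)  # hypothetical name
        zf.writestr("invoice.pdf", b"MZ" + b"\x00" * 62)  # disguised: wrong extension
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_zip_attachment(build_sample_zip()):
        print(finding)
```

In a gateway you would feed `inspect_zip_attachment` the raw attachment bytes and quarantine the message when the list is non-empty; the encrypted-member branch matters because password-protected archives, with the password in the mail body, are a common way to keep the exe away from scanners.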