The xz attachment of a fake bank email contains an exe file: the malware.
Technical analysis by the Malware Hunter JAMESWT
AgentTesla hides in a fake email about a payment. The gz attachment contains an exe file: the malware itself. The stolen data is exfiltrated via FTP.
AgentTesla hides inside a fake payment-confirmation email.
The gz attachment contains an exe file: the malware itself. The stolen data is then exfiltrated via FTP.
AgentTesla, through its keylogger function, is able to capture everything the user types. It can also steal browser and email credentials and take screenshots. Finally, it can receive remote commands on the infected PC, such as downloading additional payloads or updating the ones already present.
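The delivery trick described above (a .gz attachment that inflates to an .exe) is something a mail gateway can check before the file reaches a user. The following is an added example written for this page, not code from JAMESWT's analysis or from the campaign: it inflates a gzip attachment with a size cap, looks for the PE magic bytes ("MZ" stub plus "PE\0\0" at e_lfanew), and returns a verdict. The sample attachments are constructed in-line and contain no real malware; the function and constant names are assumptions.

```python
import gzip
import io
import struct

MAX_INFLATED = 64 * 1024 * 1024  # cap on inflated size to avoid decompression bombs


def build_fake_pe_stub() -> bytes:
    """Constructed sample: a minimal buffer shaped like a PE file, not a real binary."""
    e_lfanew = 0x80
    hdr = bytearray(b"MZ" + b"\x00" * (0x3C - 2))
    hdr += struct.pack("<I", e_lfanew)            # e_lfanew lives at offset 0x3C
    hdr += b"\x00" * (e_lfanew - len(hdr))
    hdr += b"PE\x00\x00" + b"\x00" * 20           # placeholder COFF header
    return bytes(hdr)


def looks_like_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' stub whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def gz_attachment_hides_pe(blob: bytes) -> bool:
    """True if a gzip attachment inflates to a Windows PE executable."""
    if blob[:2] != b"\x1f\x8b":                   # not gzip at all
        return False
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(blob)) as gz:
            inflated = gz.read(MAX_INFLATED + 1)
    except (OSError, EOFError):
        return False                              # corrupt or truncated archive
    if len(inflated) > MAX_INFLATED:
        return False                              # too large to judge here; send to a sandbox
    return looks_like_pe(inflated)


def triage_attachments(attachments):
    """Map filename -> verdict for (filename, bytes) pairs from one message."""
    verdicts = {}
    for name, blob in attachments:
        hides_exe = name.lower().endswith(".gz") and gz_attachment_hides_pe(blob)
        verdicts[name] = "block: gz wraps an EXE" if hides_exe else "pass"
    return verdicts


# Constructed sample message: one gz hiding a PE stub, one gz holding plain text.
SAMPLE_ATTACHMENTS = [
    ("payment_confirmation.gz", gzip.compress(build_fake_pe_stub())),
    ("invoice.txt.gz", gzip.compress(b"Thanks for your payment.\n")),
]

if __name__ == "__main__":
    print(triage_attachments(SAMPLE_ATTACHMENTS))
```

The same check extends to other single-file wrappers (xz, bz2) by swapping the decompressor; the PE test on the inflated bytes stays the same.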