
Cybercrime, AgentTesla is back with a courier-themed campaign

Technical analysis by the Malware Hunter JAMESWT

New AgentTesla courier-themed campaign. The email's GZ attachment directly contains the malware (an .exe file), which steals sensitive information and exfiltrates it via FTP.

AgentTesla returns with a new courier-themed campaign. The lure is an email about a fake failed delivery, with a GZ archive attached.

The archive directly contains the malware (an executable file). Once run, it steals sensitive information from the victim and exfiltrates it via FTP.
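A first triage check for the delivery mechanism described above, added here as an example and not part of the original article or JAMESWT's analysis: the attachment is a gzip archive that wraps a Windows executable directly, so a mail gateway or analyst script can flag any .gz attachment whose decompressed payload carries an MZ/PE header. The sample attachments below are constructed inline (the inner filename `tracking_details.exe` is hypothetical), and the decompression is capped so a crafted archive cannot exhaust memory.

```python
import gzip
import io
import struct
from typing import Optional

GZIP_MAGIC = b"\x1f\x8b"
MAX_DECOMPRESSED = 50 * 1024 * 1024  # cap to defuse decompression bombs


def gzip_member_name(data: bytes) -> Optional[str]:
    """Return the original filename stored in the gzip header (FNAME field), if present."""
    if len(data) < 10 or data[:2] != GZIP_MAGIC:
        return None
    flags = data[3]
    pos = 10  # fixed-size gzip header
    if flags & 0x04:  # FEXTRA: skip the extra field
        if len(data) < pos + 2:
            return None
        xlen = struct.unpack_from("<H", data, pos)[0]
        pos += 2 + xlen
    if flags & 0x08:  # FNAME: zero-terminated Latin-1 string
        end = data.find(b"\x00", pos)
        if end == -1:
            return None
        return data[pos:end].decode("latin-1", errors="replace")
    return None


def looks_like_pe(payload: bytes) -> bool:
    """True if payload starts with a DOS 'MZ' header whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(payload) < 0x40 or payload[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", payload, 0x3C)[0]
    return payload[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def inspect_gz_attachment(data: bytes) -> dict:
    """Decompress a gzip attachment (bounded) and report whether it directly wraps a PE file."""
    result = {"is_gzip": False, "inner_name": None, "inner_is_pe": False, "verdict": "clean"}
    if data[:2] != GZIP_MAGIC:
        return result
    result["is_gzip"] = True
    result["inner_name"] = gzip_member_name(data)
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
            payload = gz.read(MAX_DECOMPRESSED + 1)
    except (OSError, EOFError):
        result["verdict"] = "corrupt"
        return result
    if len(payload) > MAX_DECOMPRESSED:
        result["verdict"] = "oversized"
        return result
    result["inner_is_pe"] = looks_like_pe(payload)
    if result["inner_is_pe"]:
        result["verdict"] = "suspicious: executable inside gzip"
    return result


# --- constructed samples for demonstration (not real malware) ---

def build_fake_pe() -> bytes:
    """Minimal buffer with a valid MZ header and e_lfanew pointing at a PE signature."""
    hdr = bytearray(b"MZ" + b"\x00" * 0x3E)      # 0x40-byte DOS header
    struct.pack_into("<I", hdr, 0x3C, 0x40)      # e_lfanew -> right after the DOS header
    return bytes(hdr) + b"PE\x00\x00" + b"\x00" * 64


def make_gz(payload: bytes, name: str) -> bytes:
    """Gzip a payload, recording `name` in the FNAME header field like a real .gz attachment would."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename=name, mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(payload)
    return buf.getvalue()


if __name__ == "__main__":
    malicious = make_gz(build_fake_pe(), "tracking_details.exe")  # hypothetical inner name
    benign = make_gz(b"Your parcel could not be delivered.", "notice.txt")
    print(inspect_gz_attachment(malicious))
    print(inspect_gz_attachment(benign))
```

The check keys on the decompressed content rather than on the inner filename, since the FNAME field is attacker-controlled and can claim any extension; the name is still recorded because it is useful context for an alert.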

Through its keylogger function, AgentTesla captures everything the user types. It can also extract email and browser credentials and take screenshots. Finally, its operators can remotely issue commands to the infected PC, such as downloading additional payloads or updating existing ones.
