A zip attachment contains an iso with an exe: the malware. The other, a pdf downloading a zip with an exe: the same malware. The data is exfiltrated via SMTP.
Cybercrime, AgentTesla is hiding in a fake Swift transfer

Technical analysis by the Hunter JAMESWT malware
AgentTesla is hiding in a fake Swift transfer. R11 email attachment contains an exe file: the malware itself. Stolen data is exfiltrated via Telegram
AgentTesla is hidden inside an email about a fake Swift transfer.
R11 email attachment contains an exe file: the malware itself. The stolen data, on the other hand, is exfiltrated through Telegram.
AgentTesla, through the keylogger function, is able to acquire everything the user types. Furthermore, it can steal browser emails and credentials and take screenshots. Finally, it has the ability to remotely issue commands on the infected PC, such as downloading additional payloads or updating existing ones.