Volexity cybersecurity experts: the North Korean APT uses a fake trading website that mimics a legitimate one, combined with DLL side-loading, to distribute the malware.
Malware Hunter JAMESWT Technical Analysis
AgentTesla now impersonates a company in Portugal in an invoice-themed campaign. The RAR attachment contains GuLoader, which contacts a URL and downloads the final malware.
A fake invoice from a real company in Portugal is the lure for a new AgentTesla campaign, delivered through GuLoader.
The RAR attachment to the e-mail contains an EXE file: the loader. This contacts a URL and downloads the final malware. AgentTesla, through its keylogger function, can capture everything the user types. It can also steal credentials from browsers and e-mail clients and take screenshots. Finally, it can receive remote commands on the infected PC, such as downloading additional payloads or updating existing ones.
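The chain described above (invoice-themed e-mail, archive attachment, executable loader inside) is simple enough to check for at the mail gateway. The following Python script is an added example, not code from the original report or from JAMESWT's analysis: it parses an e-mail, identifies archive attachments by their magic bytes, and, for ZIP archives, lists members that are executables (by extension or by an MZ header). RAR archives are only identified, since parsing them would need a third-party module such as rarfile. The sender, subject, archive and PE stub are all constructed for the demonstration; the lure keywords and extension list are assumptions a deployment would tune.

```python
"""Triage an e-mail for the lure pattern described above: an invoice-themed
message carrying an archive attachment that wraps an executable loader.
Added example, not code from the original report; the message and archive
below are constructed inline so the script runs offline."""
import io
import zipfile
import email
from email import policy
from email.message import EmailMessage
from typing import Optional

# Magic bytes of common archive containers (RAR v4, RAR v5, ZIP local header).
ARCHIVE_MAGIC = {
    b"Rar!\x1a\x07\x00": "rar4",
    b"Rar!\x1a\x07\x01\x00": "rar5",
    b"PK\x03\x04": "zip",
}
# Assumed lists; a real deployment would tune both.
EXEC_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js")
LURE_WORDS = ("invoice", "fattura", "factura", "payment", "remittance")


def archive_type(data: bytes) -> Optional[str]:
    """Return the archive kind by magic bytes, or None for non-archives."""
    for magic, name in ARCHIVE_MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def executable_members(data: bytes, kind: str) -> list:
    """List members that look executable. Only ZIP is parsed (stdlib);
    RAR would need rarfile, so RAR archives yield an empty list here."""
    if kind != "zip":
        return []
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Catches "loader.exe" and double extensions like "invoice.pdf.exe".
            if info.filename.lower().endswith(EXEC_EXTENSIONS):
                found.append(info.filename)
                continue
            # Extension lies are common; also check for a PE/MZ header.
            with zf.open(info) as fh:
                if fh.read(2) == b"MZ":
                    found.append(info.filename)
    return found


def triage(raw_eml: bytes) -> dict:
    """Flag an e-mail whose subject matches a lure keyword and that carries
    an archive attachment; report any executable members found inside."""
    msg = email.message_from_bytes(raw_eml, policy=policy.default)
    subject = str(msg.get("subject", "")).lower()
    result = {
        "lure_subject": any(w in subject for w in LURE_WORDS),
        "attachments": [],
    }
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        kind = archive_type(payload)
        entry = {"filename": part.get_filename(), "archive": kind, "executables": []}
        if kind:
            entry["executables"] = executable_members(payload, kind)
        result["attachments"].append(entry)
    result["suspicious"] = result["lure_subject"] and any(
        a["archive"] for a in result["attachments"]
    )
    return result


def build_sample_zip() -> bytes:
    """Constructed ZIP: an 'invoice' EXE stub (MZ header only) plus a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2023.exe", b"MZ" + b"\x00" * 62)  # not a real PE
        zf.writestr("readme.txt", b"not an executable")
    return buf.getvalue()


def build_sample_eml(attachment: bytes, name: str) -> bytes:
    """Constructed invoice-themed message with one attachment (hypothetical addresses)."""
    m = EmailMessage()
    m["From"] = "billing@example.com"
    m["To"] = "victim@example.org"
    m["Subject"] = "Invoice 2023-0412 - payment due"
    m.set_content("Please find attached the invoice.")
    m.add_attachment(attachment, maintype="application",
                     subtype="octet-stream", filename=name)
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample_eml(build_sample_zip(), "Invoice_2023.zip")))
    # A RAR is recognised by signature only; members are not parsed here.
    print(triage(build_sample_eml(b"Rar!\x1a\x07\x01\x00" + b"\x00" * 16, "Invoice.rar")))
```

The MZ check matters more than the extension list: a loader renamed to a harmless-looking name inside the archive is still caught, while an archive that only holds documents produces no executable findings even when the subject matches a lure word.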