
Cybercrime: AgentTesla now impersonates a company in Portugal

Malware Hunter JAMESWT Technical Analysis

AgentTesla now impersonates a company in Portugal in an invoice-themed campaign. The RAR attachment carries Guloader, which contacts a URL and downloads the final malware.

A fake invoice, purporting to come from a real company in Portugal, is the lure for a new AgentTesla campaign delivered through Guloader.

The email's RAR attachment contains an executable: the loader. Once run, it contacts a URL and downloads the final malware. AgentTesla's keylogger captures everything the user types; it also steals credentials saved by browsers and email clients and takes screenshots. Finally, it can receive commands remotely on the infected PC, such as downloading additional payloads or updating existing ones.
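The chain above (an executable extracted from the attachment, which then reaches out to a URL and drops the final payload) is the behaviour a defender would want to catch regardless of which loader is used. The script below is an added example, not code from the article or from JAMESWT: it correlates constructed Sysmon-style endpoint events and flags a process launched from a user-writable directory that makes an outbound connection shortly afterwards, listing any executables it writes in that window. The event field names, paths, process IDs and addresses are all constructed for the example.

```python
"""
Added example: correlate endpoint telemetry to spot a loader that runs from a
user-writable path, phones home and drops a payload. Event schema (field names
"ts", "event", "pid", "image", "dest", "target") is an assumption made for the
example, loosely modelled on Sysmon ProcessCreate/NetworkConnect/FileCreate.
"""
import json
from datetime import datetime, timedelta

# Path fragments that an attachment-extracted binary typically runs from.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\appdata\\roaming\\")

# Constructed sample events (not real telemetry). Times are ISO-8601 UTC.
SAMPLE_EVENTS = [
    # Benign: a browser in Program Files connects out and saves a PDF.
    {"ts": "2021-02-03T09:05:00Z", "event": "process_create", "pid": 3300,
     "image": "C:\\Program Files\\Browser\\browser.exe"},
    {"ts": "2021-02-03T09:05:02Z", "event": "network_connect", "pid": 3300,
     "dest": "198.51.100.7:443"},
    {"ts": "2021-02-03T09:05:03Z", "event": "file_create", "pid": 3300,
     "target": "C:\\Users\\ana\\Downloads\\report.pdf"},
    # Suspicious: an "invoice" executable runs from the archiver's temp folder,
    # connects out within seconds and writes a new executable.
    {"ts": "2021-02-03T09:12:01Z", "event": "process_create", "pid": 4120,
     "image": "C:\\Users\\ana\\AppData\\Local\\Temp\\Rar$EXa0\\invoice.exe"},
    {"ts": "2021-02-03T09:12:03Z", "event": "network_connect", "pid": 4120,
     "dest": "203.0.113.10:443"},
    {"ts": "2021-02-03T09:12:05Z", "event": "file_create", "pid": 4120,
     "target": "C:\\Users\\ana\\AppData\\Roaming\\update.exe"},
    # A user-downloaded installer that never connects out: launched from a
    # user-writable path, but not reported because there is no callback.
    {"ts": "2021-02-03T09:20:00Z", "event": "process_create", "pid": 5000,
     "image": "C:\\Users\\ana\\Downloads\\setup.exe"},
]


def is_user_writable(path: str) -> bool:
    """True if the image path sits in a directory an ordinary user can write to."""
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE)


def parse_ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def correlate(events, window: timedelta = timedelta(seconds=120)):
    """
    Return one finding per process that (1) started from a user-writable path
    and (2) made an outbound connection within `window` of starting. Any
    .exe/.dll the process wrote in that window is attached as "dropped".
    """
    launches = {}
    for event in sorted(events, key=lambda e: e["ts"]):
        when = parse_ts(event["ts"])
        kind = event["event"]
        if kind == "process_create" and is_user_writable(event["image"]):
            launches[event["pid"]] = {"pid": event["pid"], "image": event["image"],
                                      "launched": when, "contacted": [], "dropped": []}
            continue
        finding = launches.get(event["pid"])
        if finding is None or when - finding["launched"] > window:
            continue
        if kind == "network_connect":
            finding["contacted"].append(event["dest"])
        elif kind == "file_create" and event["target"].lower().endswith((".exe", ".dll")):
            finding["dropped"].append(event["target"])
    # Only report processes that actually phoned home.
    return [f for f in launches.values() if f["contacted"]]


if __name__ == "__main__":
    print(json.dumps(correlate(SAMPLE_EVENTS), default=str, indent=2))
```

The rule is deliberately loose: it does not name the archiver or the loader, so it also fires on other attachment-delivered loaders that follow the same launch-connect-drop sequence. Tune the window and the path list to the environment, and expect legitimate installers run from Downloads to produce occasional hits that need a second look at the contacted address.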
