AgentTesla now switches from bat files via Lebanon. The zip attachment of the “PURCHASE ORDER” email contains a bat file. This runs a PS, which infects the machine with malware. The stolen data is exfiltrated via SMTP

AgentTesla hides inside a fake email from Lebanon.

The zip attachment of the “PURCHASE ORDER” message contains a bat file. This runs a PS, which infects the machine with malware. The stolen data is exfiltrated via SMTP.

AgentTesla, through the keylogger function, is able to acquire everything the user types. Also, it can steal emails and browser credentials and take screenshots. Finally, it has the ability to remotely issue commands to the infected PC, such as downloading additional payloads or updating existing ones.