The xz attachment of a fake bank email contains an exe file: the malware.
AgentTesla spread by real emails from UAE engineering companies. All the messages have the same attachment: an img file with an exe inside, the malware itself. Stolen data is exfiltrated via FTP
Someone is exploiting UAE engineering companies to convey AgentTesla. These days, real emails from companies in the sector are in circulation, featuring an identical attachment: the “RFQ102822-MACHINE SPECIFICATION” img file.
Inside is an executable, the malware itself. Stolen data is exfiltrated via FTP.
AgentTesla, through the keylogger function, is able to acquire everything the user types. Furthermore, it can steal browser emails and credentials and take screenshots. Finally, it has the ability to remotely issue commands on the infected PC, such as downloading additional payloads or updating existing ones.