
Cybercrime, AgentTesla spread from a fake metal order from Italy

Malware Hunter JAMESWT Technical Analysis

AgentTesla is being spread by a fake metal order from Italy. The R00 attachment contains an exe: the malware itself. Stolen data is exfiltrated through the Telegram APIs.

A fake metal order from an Italian company hides the new AgentTesla campaign.

The R00 attachment contains an exe file: the malware itself. The stolen data is then exfiltrated through the Telegram APIs.

Agent Tesla, through its keylogger function, is able to capture everything the user types. Furthermore, it can steal email and browser credentials and take screenshots. Finally, it can execute commands issued remotely on the infected PC, such as downloading additional payloads or updating existing ones.
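A defender-side check for the exfiltration channel described above, added here as an example and not part of the original article or of any analysis it links to: it scans constructed proxy log lines (the log format, host, process names and bot token are all made up) and flags Telegram Bot API calls coming from processes that have no business using that endpoint, while ignoring ordinary browser traffic to the Telegram web client.

```python
import re
from typing import List, Optional

# Constructed sample proxy log (not from the article). One record per line:
# <timestamp> <src_ip> <process> <method> <url> <status> <bytes_out>
SAMPLE_PROXY_LOG = """\
2024-05-06T09:12:01Z 10.0.0.12 outlook.exe GET https://outlook.office365.com/owa/ 200 512
2024-05-06T09:12:07Z 10.0.0.12 chrome.exe GET https://web.telegram.org/ 200 1024
2024-05-06T09:12:09Z 10.0.0.12 order_2024.exe POST https://api.telegram.org/bot123456789:AAExampleTokenPlaceholder_XXXXXXXXXXX/sendDocument 200 48211
2024-05-06T09:12:15Z 10.0.0.12 order_2024.exe POST https://api.telegram.org/bot123456789:AAExampleTokenPlaceholder_XXXXXXXXXXX/sendMessage 200 300
"""

LOG_LINE = re.compile(r"^(\S+) (\S+) (\S+) (GET|POST) (\S+) (\d{3}) (\d+)$")
# Telegram Bot API URLs have the shape https://api.telegram.org/bot<id>:<secret>/<method>
TELEGRAM_BOT_API = re.compile(r"^https://api\.telegram\.org/bot(\d+):([A-Za-z0-9_-]+)/([A-Za-z]+)")


def parse_proxy_line(line: str) -> Optional[dict]:
    """Parse one line of the constructed proxy format; None if it does not match."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    ts, src, proc, method, url, status, bytes_out = m.groups()
    return {"ts": ts, "src": src, "process": proc, "method": method,
            "url": url, "status": status, "bytes_out": int(bytes_out)}


def find_telegram_bot_exfil(log_text: str, allowed_processes=frozenset()) -> List[dict]:
    """Flag Telegram Bot API calls made by processes that are not on the allowlist.

    Browser traffic to web.telegram.org is normal user activity and is not matched;
    only the Bot API endpoint, the channel the article says the stolen data goes through,
    is. The bot token is reduced to its numeric id so the alert never carries the secret.
    """
    alerts = []
    for line in log_text.splitlines():
        rec = parse_proxy_line(line)
        if rec is None or rec["process"].lower() in allowed_processes:
            continue
        m = TELEGRAM_BOT_API.match(rec["url"])
        if not m:
            continue
        bot_id, _secret, api_method = m.groups()
        alerts.append({
            "ts": rec["ts"], "src": rec["src"], "process": rec["process"],
            "bot_id": bot_id, "api_method": api_method, "bytes_out": rec["bytes_out"],
            # sendDocument carries file uploads (credential dumps, screenshots): rank it higher
            "severity": "high" if api_method == "sendDocument" else "medium",
        })
    return alerts
```

Running `find_telegram_bot_exfil(SAMPLE_PROXY_LOG)` returns two alerts for `order_2024.exe` and none for the browser session.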
