The gz attachment of the “Payment Advice - Ref: [HSBC1057029141] /RFQ Priority Payment / Customer Ref: [PI10771QT90]” email contains an exe file: the malware.
Cybercrime, AgentTesla uses the Chinese box trick
AgentTesla uses the Chinese box trick. The zip attachment of an email about a fake invoice contains an iso file with an exe inside: the malware. The stolen data is exfiltrated via SMTP to an email address
AgentTesla uses the Chinese box trick to trick detection systems in a new invoice-themed campaign.
The “Pro-forma invoice” zip attachment of the email “RE: BP 1000005551 // REQUEST FOR QUOTATIONS// PEPTAPON 52 // Pro-forma Invoice 20000963” contains an iso file with an exe inside: the malware. The stolen data is exfiltrated via SMTP to an email address.
AgentTesla, through the keylogger function, is able to acquire everything the user types. Also, it can steal emails and browser credentials and take screenshots. Finally, it has the ability to remotely issue commands to the infected PC, such as downloading additional payloads or updating existing ones.