
Cybercrime, AgentTesla via Guloader and purchase order

Technical analysis by the Malware Hunter JAMESWT

AgentTesla via Guloader and purchase order. The gz attachment of the email contains an exe: the loader, which contacts another URL and downloads the final malware

A fake purchase order delivers a new AgentTesla campaign, staged through Guloader.

The gz attachment contains an exe: the loader, which contacts a second URL and downloads the final malware. AgentTesla's keylogger captures everything the user types. It also steals credentials saved by browsers and email clients and takes screenshots. Finally, the operator can issue commands remotely on the infected PC, such as downloading additional payloads or updating existing ones.
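The delivery trick described above (an executable hidden inside a gzip attachment) is simple to flag at the mail gateway. The following triage routine is an added example and is not code from the original analysis or from JAMESWT: it reads the original filename out of the gzip FNAME header, decompresses with a size cap so a decompression bomb cannot exhaust memory, and checks whether the payload carries a valid MZ/PE signature. The sample attachment, the inner filename "purchase_order.exe" and the fake PE stub are all constructed here for illustration and are not the real campaign sample.

```python
import gzip
import io
import struct

MAX_DECOMPRESSED = 50 * 1024 * 1024  # cap on inflated size (assumed policy value)


def build_fake_pe_bytes() -> bytes:
    """Constructed stand-in for the loader: a minimal MZ header whose
    e_lfanew points at a 'PE\\0\\0' signature. Not a real executable."""
    hdr = bytearray(b"MZ" + b"\x00" * 62)
    struct.pack_into("<I", hdr, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    return bytes(hdr) + b"PE\x00\x00" + b"\x00" * 64


def build_gz_attachment(inner: bytes, inner_name: str = "purchase_order.exe") -> bytes:
    """Constructed sample attachment: `inner` wrapped in gzip with the given
    filename stored in the FNAME header field (mtime=0 for determinism)."""
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb", filename=inner_name, mtime=0) as gz:
        gz.write(inner)
    return buf.getvalue()


def gzip_header_filename(blob: bytes):
    """Return the original filename from the gzip header (RFC 1952 FNAME), or None."""
    if len(blob) < 10 or blob[:2] != b"\x1f\x8b":
        return None
    flags = blob[3]
    pos = 10
    if flags & 0x04:  # FEXTRA: skip the extra field before FNAME
        xlen = struct.unpack_from("<H", blob, pos)[0]
        pos += 2 + xlen
    if flags & 0x08:  # FNAME: zero-terminated latin-1 string
        end = blob.index(b"\x00", pos)
        return blob[pos:end].decode("latin-1")
    return None


def bounded_decompress(blob: bytes, limit: int = MAX_DECOMPRESSED) -> bytes:
    """Inflate the gzip stream but refuse anything larger than `limit`."""
    with gzip.GzipFile(fileobj=io.BytesIO(blob), mode="rb") as gz:
        data = gz.read(limit + 1)
    if len(data) > limit:
        raise ValueError("decompressed size exceeds limit (possible decompression bomb)")
    return data


def looks_like_pe(data: bytes) -> bool:
    """True if the bytes start with an MZ header whose e_lfanew lands on 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return len(data) >= e_lfanew + 4 and data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def triage_gz_attachment(blob: bytes) -> dict:
    """Classify a .gz attachment: executable content or executable name is suspicious.
    A stream that fails to inflate is treated as suspicious too, since a broken
    or oversized archive still warrants a human look."""
    inner_name = gzip_header_filename(blob)
    try:
        inner = bounded_decompress(blob)
    except (OSError, EOFError, ValueError) as exc:  # BadGzipFile is an OSError
        return {"inner_name": inner_name, "is_pe": False,
                "suspicious": True, "reason": f"decompression failed: {exc}"}
    is_pe = looks_like_pe(inner)
    exe_name = inner_name is not None and inner_name.lower().endswith(
        (".exe", ".scr", ".pif", ".com"))
    if is_pe:
        reason = "PE executable inside gzip attachment"
    elif exe_name:
        reason = "executable filename in gzip header"
    else:
        reason = "no executable indicators"
    return {"inner_name": inner_name, "is_pe": is_pe,
            "suspicious": is_pe or exe_name, "reason": reason}


if __name__ == "__main__":
    print(triage_gz_attachment(build_gz_attachment(build_fake_pe_bytes())))
    print(triage_gz_attachment(build_gz_attachment(b"just text", "notes.txt")))
```

The PE check is deliberately based on the file contents rather than only the stored name, because the name in the gzip header is attacker-controlled and a loader renamed to something harmless would otherwise slip through; conversely, the name check still catches a double-extension lure whose body has been padded or corrupted.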
