The email rar attachment contains an exe file: the malware itself.
Technical analysis by malware hunter JAMESWT
AgentTesla via Guloader and a fake purchase order. The gz attachment of the email contains an exe, the loader, which contacts another URL and downloads the final malware.
A fake purchase order is the lure for a new AgentTesla campaign, delivered through Guloader.
The gz attachment contains an exe: the loader, which contacts a second URL and downloads the final payload. AgentTesla's keylogger function captures everything the user types. It also steals credentials saved in browsers and email clients and takes screenshots. Finally, it can receive commands from its operator on the infected PC, such as downloading additional payloads or updating the ones already installed.
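The first link in this chain is an executable hidden inside a gzip attachment, which a mail gateway can catch by looking at content rather than extension. The script below is an added example, not code from the original page or from JAMESWT's analysis: it builds a constructed "purchase order" message with a .gz attachment wrapping a dummy MZ-prefixed blob (the real loader is not reproduced), decompresses a bounded prefix of each attachment, and flags any that begin with the PE magic bytes. Sender and recipient addresses, the attachment name and the subject line are all made up.

```python
"""Flag e-mail attachments that hide a PE executable inside a .gz archive.

Added example for the delivery chain described above (gz attachment -> exe loader).
The sample message and the dummy 'executable' inside it are constructed here so the
script runs offline; no real malware is included.
"""
import email
import gzip
import io
from email import policy
from email.message import EmailMessage

PE_MAGIC = b"MZ"          # DOS/PE header every Windows executable starts with
GZIP_MAGIC = b"\x1f\x8b"  # gzip member header


def build_sample_message() -> bytes:
    """Constructed lure: a 'purchase order' with a .gz attachment wrapping a fake exe."""
    fake_exe = PE_MAGIC + b"\x90\x00" * 32 + b"This program cannot be run in DOS mode"
    archive = gzip.compress(fake_exe)
    msg = EmailMessage()
    msg["From"] = "orders@example.invalid"      # made-up sender
    msg["To"] = "victim@example.invalid"        # made-up recipient
    msg["Subject"] = "Purchase Order 4471"      # made-up subject
    msg.set_content("Please find the attached purchase order.")
    msg.add_attachment(archive, maintype="application", subtype="gzip",
                       filename="PO_4471.gz")  # made-up attachment name
    return msg.as_bytes()


def is_pe(data: bytes) -> bool:
    """True if the buffer starts with the MZ header of a Windows executable."""
    return data[:2] == PE_MAGIC


def inspect_attachment(name: str, payload: bytes) -> dict:
    """Report what the attachment really contains, regardless of its extension."""
    verdict = {"name": name, "gzip": False, "contains_pe": False, "inner_size": 0}
    if payload[:2] == GZIP_MAGIC:
        verdict["gzip"] = True
        try:
            # Decompress only a bounded prefix: a malicious archive may be a gzip bomb.
            with gzip.GzipFile(fileobj=io.BytesIO(payload)) as gz:
                inner = gz.read(1024 * 1024)
        except (OSError, EOFError):
            # Corrupt or truncated gzip data: nothing to classify, not flagged here.
            return verdict
        verdict["inner_size"] = len(inner)
        verdict["contains_pe"] = is_pe(inner)
    else:
        # Plain attachment: check the bytes directly (catches a renamed .exe too).
        verdict["contains_pe"] = is_pe(payload)
    return verdict


def suspicious_attachments(raw_message: bytes) -> list:
    """Parse a raw RFC 822 message and list attachments that hide an executable."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        verdict = inspect_attachment(name, payload)
        if verdict["contains_pe"]:
            findings.append(verdict)
    return findings


if __name__ == "__main__":
    for hit in suspicious_attachments(build_sample_message()):
        print(f"BLOCK {hit['name']}: gzip={hit['gzip']} PE inside={hit['contains_pe']}")
```

The check deliberately reads the decompressed stream only up to a fixed limit, since an attachment that decompresses to gigabytes is itself a reason to quarantine; a production gateway would also want to look inside nested archives (rar, zip, iso) using the same magic-byte test rather than trusting the filename.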