
Cybercrime, ArcelorMittal lure for an AgentTesla campaign

Technical analysis by the Malware Hunter JAMESWT

ArcelorMittal lure for an AgentTesla campaign. The executable in the attachment creates and saves two files, the malware itself, in the Windows temp folder; the stolen data is then exfiltrated via FTP.

ArcelorMittal is the bait in an email used to deliver AgentTesla.

The compressed attachment contains an executable, which creates and saves two files, the malware itself, in the Windows temp folder. The stolen data is then exfiltrated via FTP.

AgentTesla, through its keylogger function, is able to capture everything the user types. It can also steal browser and email credentials and take screenshots. Finally, it can execute commands remotely on the infected PC, such as downloading additional payloads or updating existing ones.
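The two behaviours the analysis attributes to this sample, an executable dropped into the Windows temp folder followed by an outbound FTP connection from the same process, are a natural pair to correlate in endpoint telemetry. The script below is an added example written for this page, not code from the original analysis or from the malware; it works over a few constructed Sysmon-style FileCreate and NetworkConnect records (PIDs, paths and the TEST-NET destination addresses are invented) and flags a process only when the drop precedes the FTP connection, so an FTP client that merely downloads an installer into Temp is not flagged.

```python
"""
Added example (not from the original article): correlate constructed
Sysmon-style events to flag a process that writes an executable into a
Windows temp folder and afterwards opens an outbound FTP connection.
The event shape and every sample value are assumptions for this example.
"""
import json
from collections import defaultdict

# Path fragments that identify the per-user and system temp folders.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr")
FTP_PORTS = {21}

# Constructed telemetry in the style of Sysmon Event ID 11 (FileCreate)
# and Event ID 3 (NetworkConnect). Order matters: the list is chronological.
SAMPLE_EVENTS = [
    # PID 4120: attachment drops two executables into Temp, then talks FTP.
    {"event": "FileCreate", "pid": 4120, "image": "C:\\Users\\u\\Downloads\\order.exe",
     "target": "C:\\Users\\u\\AppData\\Local\\Temp\\svc1.exe"},
    {"event": "FileCreate", "pid": 4120, "image": "C:\\Users\\u\\Downloads\\order.exe",
     "target": "C:\\Users\\u\\AppData\\Local\\Temp\\svc2.exe"},
    {"event": "NetworkConnect", "pid": 4120, "image": "C:\\Users\\u\\Downloads\\order.exe",
     "dst_ip": "203.0.113.10", "dst_port": 21},
    # PID 8802: ordinary editor writing a document and using HTTPS.
    {"event": "FileCreate", "pid": 8802, "image": "C:\\Program Files\\Editor\\editor.exe",
     "target": "C:\\Users\\u\\Documents\\notes.txt"},
    {"event": "NetworkConnect", "pid": 8802, "image": "C:\\Program Files\\Editor\\editor.exe",
     "dst_ip": "198.51.100.5", "dst_port": 443},
    # PID 7000: FTP client downloading an installer into Temp (connect first, then write).
    {"event": "NetworkConnect", "pid": 7000, "image": "C:\\Tools\\ftpclient.exe",
     "dst_ip": "203.0.113.20", "dst_port": 21},
    {"event": "FileCreate", "pid": 7000, "image": "C:\\Tools\\ftpclient.exe",
     "target": "C:\\Users\\u\\AppData\\Local\\Temp\\setup.exe"},
]


def is_temp_executable(path):
    """True when the created file is an executable inside a temp folder."""
    p = path.lower()
    return any(marker in p for marker in TEMP_MARKERS) and p.endswith(EXECUTABLE_SUFFIXES)


def correlate(events):
    """Group drop and FTP observations per PID, remembering when each first happened."""
    by_pid = defaultdict(lambda: {"image": None, "dropped": [], "ftp": [],
                                  "first_drop": None, "first_ftp": None})
    for idx, ev in enumerate(events):
        rec = by_pid[ev["pid"]]
        rec["image"] = ev["image"]
        if ev["event"] == "FileCreate" and is_temp_executable(ev["target"]):
            rec["dropped"].append(ev["target"])
            if rec["first_drop"] is None:
                rec["first_drop"] = idx
        elif ev["event"] == "NetworkConnect" and ev["dst_port"] in FTP_PORTS:
            rec["ftp"].append(f'{ev["dst_ip"]}:{ev["dst_port"]}')
            if rec["first_ftp"] is None:
                rec["first_ftp"] = idx
    return by_pid


def find_suspicious(events):
    """Return findings for processes that dropped a temp executable before using FTP."""
    findings = []
    for pid, rec in correlate(events).items():
        if rec["dropped"] and rec["ftp"] and rec["first_drop"] < rec["first_ftp"]:
            findings.append({"pid": pid, **rec})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_EVENTS):
        print(json.dumps(finding, indent=2))
```

The ordering check is a coarse heuristic: it reduces noise from legitimate FTP downloads but would miss a sample that opens its FTP session before writing to disk, so in a real pipeline it belongs alongside the process-parent and hash context that Sysmon also records.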
