The xz attachment of a fake bank email contains an exe file: the malware.
Auchan Poland bait for an AgentTesla campaign. The doc attachment contacts a link, also used for Lokibot, and downloads the malware. The stolen data is exfiltrated to an email address via SMTP.
The new AgentTesla global campaign uses a fake Auchan invoice from Poland as bait.
The doc attachment, exploiting a vulnerability, contacts a link (also used in the past to deliver Lokibot) and downloads the malware. The stolen data is then exfiltrated via SMTP to an email address.
AgentTesla, through its keylogger function, is able to capture everything the user types. It can also steal email and browser credentials and take screenshots. Finally, its operators can remotely issue commands to the infected PC, such as downloading additional payloads or updating existing ones.
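The infection chain described above (a document that reaches out to the web to fetch the payload, followed by credential exfiltration over SMTP) suggests two simple endpoint detections. The following is an added example, not code from the original post: it runs the two rules over constructed process-network-connection events (the log format, host names and the allowlist of legitimate mail clients are assumptions).

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample of endpoint network-connection events (not real telemetry).
# One event per line: "<timestamp> image=<process path> dst=<host>:<port>"
SAMPLE_EVENTS = """\
2024-01-10T09:01:02Z image=C:\\Program Files\\Microsoft Office\\WINWORD.EXE dst=cdn.example-placeholder.net:80
2024-01-10T09:01:05Z image=C:\\Users\\user\\AppData\\Roaming\\svchost32.exe dst=mail.example-placeholder.net:587
2024-01-10T09:02:00Z image=C:\\Program Files\\Microsoft Office\\OUTLOOK.EXE dst=smtp.office365.com:587
2024-01-10T09:03:00Z image=C:\\Program Files\\Google\\Chrome\\chrome.exe dst=www.example.com:443
"""

EVENT_RE = re.compile(r"^(?P<ts>\S+) image=(?P<image>.+?) dst=(?P<host>[^:\s]+):(?P<port>\d+)$")

# Office document handlers: a document fetching something from the web is the first stage.
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Processes allowed to speak SMTP from a workstation (assumed allowlist; tune per environment).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
SMTP_PORTS = {25, 465, 587}
WEB_PORTS = {80, 443}


@dataclass
class Finding:
    ts: str
    image: str   # executable name, lower-cased
    dst: str     # host:port the process connected to
    rule: str


def detect(lines: str) -> List[Finding]:
    """Apply both rules to the event text and return the matching findings in order."""
    findings: List[Finding] = []
    for line in lines.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse rather than fail the whole batch
        exe = m["image"].rsplit("\\", 1)[-1].lower()
        port = int(m["port"])
        dst = f"{m['host']}:{port}"
        if exe in OFFICE_IMAGES and port in WEB_PORTS:
            findings.append(Finding(m["ts"], exe, dst, "office-process-web-download"))
        elif port in SMTP_PORTS and exe not in MAIL_CLIENTS:
            findings.append(Finding(m["ts"], exe, dst, "smtp-from-non-mail-client"))
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"{f.ts} {f.rule}: {f.image} -> {f.dst}")
```

The Outlook and Chrome events produce no finding; the Word download and the SMTP connection from an executable under AppData are the two alerts an analyst would triage.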