
Cybercrime, DHL-themed AgentTesla campaign via Guloader

Malware Hunter JAMESWT Technical Analysis

DHL-themed AgentTesla campaign via Guloader. The email's .gz attachment contains an .exe file: the loader. It contacts a URL and downloads the final malware. Stolen data is exfiltrated via FTP.

A fake email impersonating DHL is the bait for an AgentTesla campaign delivered via Guloader.

The .gz attachment contains an .exe file: the loader itself. It contacts a URL and downloads the final malware.
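A gateway-side check of the kind a defender could apply to an attachment like the one described above, added here as an example and not part of JAMESWT's analysis: it decompresses a .gz attachment with a size bound and reports whether the payload is a PE executable. The PE bytes and the text body are constructed samples, not artifacts from the campaign.

```python
import gzip
import io
import struct

# Cap decompressed size so a crafted archive cannot exhaust memory during inspection.
MAX_DECOMPRESSED = 16 * 1024 * 1024


def _fake_pe() -> bytes:
    # Constructed sample: a DOS header ("MZ") whose e_lfanew field at offset 0x3C
    # points to a "PE\0\0" signature, which is all the check below needs.
    dos = bytearray(b"MZ" + b"\x00" * 62)
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00" + b"\x00" * 20


# Constructed attachments: one hiding an executable, one a harmless text body.
SAMPLE_EXE_GZ = gzip.compress(_fake_pe())
SAMPLE_TXT_GZ = gzip.compress(b"Dear customer, your shipment is on its way.")


def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def gz_hides_executable(blob: bytes) -> bool:
    """Decompress a .gz attachment (bounded) and report whether it contains a PE file."""
    if blob[:2] != b"\x1f\x8b":
        return False  # not gzip; other attachment checks apply
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(blob)) as gz:
            payload = gz.read(MAX_DECOMPRESSED + 1)
    except (OSError, EOFError):
        return False  # corrupt archive: leave it to the gateway's own quarantine rules
    if len(payload) > MAX_DECOMPRESSED:
        return True  # oversized output is itself suspicious; stop inflating
    return is_pe(payload)


if __name__ == "__main__":
    print("exe.gz hides executable:", gz_hides_executable(SAMPLE_EXE_GZ))
    print("txt.gz hides executable:", gz_hides_executable(SAMPLE_TXT_GZ))
```

In a mail pipeline the same function runs over each decoded attachment part, so a .gz wrapper no longer hides the executable from a plain extension filter.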

Once installed, AgentTesla exfiltrates the stolen data via FTP. Through its keylogger function it captures everything the user types. It can also steal browser and email credentials and take screenshots. Finally, it can receive remote commands on the infected PC, such as downloading additional payloads or updating existing ones.
