
Cybercrime, double AgentTesla campaign via China and Türkiye

Double AgentTesla campaign via China and Türkiye. The attachments of the “URGENT REQUEST FOR PRICE OFFER” and “Ürün 56787898 için sipariş” emails contain an executable (.exe) file, which is the malware. Data is stolen via SMTP and the Telegram API.


The attachments of the “URGENT REQUEST FOR PRICE OFFER” and “Ürün 56787898 için sipariş” emails contain an executable (.exe) file, which is the malware. In the first case the stolen data is exfiltrated via SMTP, while in the second it is exfiltrated via the Telegram API.

Through its keylogger function, AgentTesla can capture everything the user types. It can also steal emails and browser credentials and take screenshots. Finally, it lets its operators remotely issue commands to the infected PC, such as downloading additional payloads or updating existing ones.
