skip to Main Content

Cybercrime, double AgentTesla campaign via quotation

Technical analysis by the Malware Hunter JAMESWT

Double AgentTesla campaign via quotation. Two emails convey as many attachments, theoretically different but in reality the same. They are two loaders that download the malware. One works and the other not

A product quotation request conveys a new global AgentTesla campaign. There are two emails in circulation with identical texts and exe attachments.


The latter, however, are masked by documents with different extensions. Files are loaders that download and install malware. One of the two variants failed, but the other works perfectly.


Stolen data is exfiltered by smtp.

AgentTesla, through the keylogger function, is able to acquire everything the user types. Furthermore, it can steal browser emails and credentials and take screenshots. Finally, it has the ability to remotely issue commands on the infected PC, such as downloading additional payloads or updating existing ones.

Back To Top