skip to Main Content

Cybercrime, double AgentTesla campaign with a courier / shipper theme

Malware Hunter JAMESWT Technical Analysis

Double AgentTesla courier / forwarding themed campaign. The emails contain a link that downloads an iso with the malware inside or a 7z with the malicious exe inside

Double AgentTesla campaign with couriers and freight shippers. In one case, the link in the email downloads an iso file with an exe inside: malware.

 

In the other, attachment 7z directly contains the malicious executable and the stolen files are exfiltrated via Telegram Api.

 

AgentTesla, through the keylogger function, is able to acquire everything the user types. Furthermore, it can steal browser emails and credentials and take screenshots. Finally, it has the ability to remotely issue commands on the infected PC, such as downloading additional payloads or updating existing ones.

Back To Top