The gz attachment of the “Payment Advice - Ref: [HSBC1057029141] /RFQ Priority Payment / Customer Ref: [PI10771QT90]” email contains an exe file: the malware.
Cybercrime, double “price” themed AgentTesla campaign
Double AgentTesla campaign with a “price” theme. A zip attachment contains an img with an exe: the malware. The other, a pdf downloading a zip with an exe: the same malware. The data is exfiltrated via SMTP
Double AgentTesla campaign with a “price” theme. The email “R e: Fw:Inquiry for 2023 New Products Prices” contains 2 zip attachments.
One (New Prices List) contains an img file with an exe inside: the malware. The other (Prices) hides a pdf containing a link that downloads a password-protected zip file (the password is provided in the pdf).
Inside is another exe: the same malicious payload. The stolen data is exfiltrated via SMTP.
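The delivery chain above relies on two wrappers that mail filters often let through: an executable hidden in a disk image (.img) inside a zip, and a password-protected zip whose members cannot be scanned. The following added example (not code from the original post or from the campaign) is a small triage routine for zip attachments: it reads the member names from the central directory, flags the encrypted bit on password-protected members, and scans any disk-image member for an embedded PE header without mounting the image. The sample archives, their file names and the minimal PE stub are constructed here and only modelled on the attachment names in the email.

```python
import io
import struct
import zipfile

# Member extensions worth flagging in a mail attachment. Disk images are a common
# wrapper for smuggling an exe past filters, as in the "New Prices List" zip above.
EXECUTABLE_EXT = (".exe", ".scr", ".dll", ".pif", ".com")
DISK_IMAGE_EXT = (".img", ".iso", ".vhd", ".vhdx")


def contains_pe_header(data: bytes) -> bool:
    """True if a Windows PE header is embedded anywhere in data.

    Works on raw disk-image bytes without mounting the image: find an 'MZ' DOS
    stub, read its e_lfanew field at offset 0x3C and check that it points at the
    'PE\\0\\0' signature.
    """
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            sig = pos + e_lfanew
            if data[sig:sig + 4] == b"PE\0\0":
                return True
        pos = data.find(b"MZ", pos + 1)
    return False


def triage_zip(blob: bytes) -> list:
    """Inspect a zip attachment; return findings (empty list = nothing suspicious)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            name = info.filename
            lower = name.lower()
            # Names are readable from the central directory even when members are encrypted.
            if lower.endswith(EXECUTABLE_EXT):
                findings.append(f"{name}: executable inside archive")
            if info.flag_bits & 0x01:
                findings.append(f"{name}: encrypted member (password-protected zip)")
                continue  # content cannot be read without the password
            if lower.endswith(DISK_IMAGE_EXT):
                if contains_pe_header(zf.read(info)):
                    findings.append(f"{name}: disk image wrapping a PE executable")
                else:
                    findings.append(f"{name}: disk image attachment")
    return findings


# --- constructed samples for this example, not files from the campaign ---

def fake_pe() -> bytes:
    """Minimal DOS stub whose e_lfanew points at a PE signature; not a runnable program."""
    hdr = bytearray(0x40)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)  # e_lfanew: PE header right after the DOS header
    return bytes(hdr) + b"PE\0\0" + b"\0" * 20


def sample_img_zip() -> bytes:
    """Modelled on 'New Prices List': a zip holding a disk image that wraps an exe."""
    image = b"\0" * 2048 + fake_pe() + b"\0" * 2048  # filler stands in for filesystem metadata
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("New Prices List.img", image)
    return buf.getvalue()


def sample_protected_zip() -> bytes:
    """Modelled on the second stage: a zip whose member carries the 'encrypted' bit.

    Python's zipfile cannot write encrypted archives, so the general-purpose flag
    is patched in by hand (local header offset 6, central directory offset 8).
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("Prices.exe", fake_pe())
    b = bytearray(buf.getvalue())
    b[b.find(b"PK\x03\x04") + 6] |= 0x01
    b[b.find(b"PK\x01\x02") + 8] |= 0x01
    return bytes(b)


def sample_clean_zip() -> bytes:
    """A harmless attachment, to show the triage stays quiet on ordinary content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("prices.csv", b"item,price\nwidget,10\n")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [("img", sample_img_zip()), ("protected", sample_protected_zip()), ("clean", sample_clean_zip())]
    for label, blob in samples:
        print(label, triage_zip(blob) or ["no findings"])
```

The PE scan deliberately ignores the image's filesystem and just looks for the DOS stub and its e_lfanew pointer, so it also catches executables inside ISO or VHD images that a gateway cannot mount; a password-protected member is flagged from its name and flag bits alone, which is the only information available without the password from the pdf.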
AgentTesla, through its keylogger function, captures everything the user types. It can also steal email and browser credentials and take screenshots. Finally, it lets the operator issue commands remotely to the infected PC, such as downloading additional payloads or updating existing ones.