“FQ quotations….>” carries HawkEye/MailPassView and AgentTesla. The zip attachment contains two exe files: “LPO Samples Xls” and “Purchase Order Details XLs”: the malware. AgentTesla exfiltrates stolen data via FTP

The email “FQ quotations….>” is the decoy used to convey a HawkEye/MailPassView and AgentTesla campaign.

The “Purchase orders Lists & LPO Samples #08XXX0502009 XLs.zip” attachment contains two exe files: “LPO Samples Xls” and “Purchase Order Details XLs”: the malware. AgentTesla exfiltrates stolen data via FTP.

Both, through the keylogger function, are able to acquire everything the user types. Furthermore, they can steal emails and browser credentials and take screenshots. Finally, they have the ability to remotely issue commands to the infected PC, such as downloading additional payloads or updating existing ones.