
Cybercrime, multi-malware campaign via VelvetSweatshop

Technical analysis by the Malware Hunter JAMESWT

Cybercrime multi-malware campaign via VelvetSweatshop. Four emails, each with a different xlsx attachment, contact a single URL and download Agent Tesla (two cases), Lokibot and Formbook.

A new multi-malware cybercrime campaign uses the VelvetSweatshop technique to deliver three different malware families through four different xlsx attachments.

If opened, the attached file contacts a single encoded URL and downloads the malicious payload: Agent Tesla in two cases, Lokibot in a third and Formbook in the fourth. The goal of the criminals is to steal sensitive data from victims; Agent Tesla, Lokibot and Formbook are, in fact, all info-stealers.
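The VelvetSweatshop trick relies on Excel silently trying its built-in default password when it opens an encrypted workbook, so the attachment arrives as an encrypted OLE container rather than a normal ZIP-based xlsx. The triage helper below is an added example, not code from the original article: it classifies the raw bytes of an attachment named *.xlsx by container type and flags the encrypted-OOXML case. It assumes the encrypted workbook is an OLE2 compound file whose directory lists the "EncryptionInfo" and "EncryptedPackage" streams; the sample blobs are constructed for illustration, not real campaign files.

```python
"""Flag .xlsx attachments that are really encrypted OLE containers."""
import pathlib

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # compound file header
ZIP_MAGIC = b"PK\x03\x04"                        # ordinary OOXML package
# OLE directory entries store stream names as UTF-16LE, so a plain
# substring search over the file is enough for a first-pass heuristic
# (assumption: no full CFB parser is needed for triage).
ENC_INFO = "EncryptionInfo".encode("utf-16-le")
ENC_PKG = "EncryptedPackage".encode("utf-16-le")
WORKBOOK = "Workbook".encode("utf-16-le")


def classify_xlsx(data: bytes) -> str:
    """Return a coarse verdict for the bytes of a file named *.xlsx."""
    if data.startswith(ZIP_MAGIC):
        return "ooxml-zip"  # unencrypted, what a real xlsx normally is
    if data.startswith(OLE_MAGIC):
        if ENC_INFO in data and ENC_PKG in data:
            # Encrypted OOXML: Excel tries the default password on its own,
            # so the user sees no prompt; treat as a VelvetSweatshop candidate.
            return "encrypted-ooxml-velvetsweatshop-candidate"
        if WORKBOOK in data:
            return "legacy-xls-ole"  # binary .xls wearing an .xlsx name
        return "ole-unknown"
    return "not-excel"


def triage_file(path: str) -> str:
    """Convenience wrapper for a file on disk."""
    return classify_xlsx(pathlib.Path(path).read_bytes())


# Constructed stand-ins for attachments (not real samples).
SAMPLE_PLAIN = ZIP_MAGIC + b"\x14\x00" + b"[Content_Types].xml" + b"\x00" * 32
SAMPLE_ENCRYPTED = OLE_MAGIC + b"\x00" * 504 + ENC_INFO + b"\x00" * 8 + ENC_PKG
SAMPLE_LEGACY = OLE_MAGIC + b"\x00" * 504 + WORKBOOK + b"\x00" * 8

if __name__ == "__main__":
    for name, blob in [("plain", SAMPLE_PLAIN),
                       ("encrypted", SAMPLE_ENCRYPTED),
                       ("legacy", SAMPLE_LEGACY)]:
        print(name, "->", classify_xlsx(blob))
```

A match on the candidate verdict is a reason to detonate or decrypt the file in a sandbox and to check the mail gateway's handling of encrypted Office attachments, not proof of malice on its own.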

Malware samples

Agent Tesla 1 C2s

Agent Tesla 2 C2s

Lokibot C2s

Formbook C2s
