It asks the recipient to open a link to revise an agreement. The link lands on a website that imitates the victim's organization homepage, where the user only has to type in the password.
Malware Hunter JAMESWT Technical Analysis
New Agent Tesla campaign via CHM. The email gz attachment contains the CHM file, which contacts a URL to download and decrypt the malware. Data is stolen via FTP.
A fake order email carries a new AgentTesla campaign delivered through a CHM file.
The gzip attachment contains the CHM, which contacts a URL to download and decrypt the malware; the stolen data is exfiltrated via FTP.
AgentTesla, through its keylogger function, is able to capture everything the user types. It can also steal browser and email credentials and take screenshots. Finally, it can receive remote commands on the infected PC, such as downloading additional payloads or updating existing ones.
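The delivery chain above (CHM opened from a mail attachment, a download from a URL, then FTP exfiltration) gives a defender three observable pivots. The following added example, not part of the original analysis, runs simple detection logic over constructed Sysmon-style events; it assumes that hh.exe (the Windows HTML Help handler that renders CHM files) is the process that opens the attachment, and the event field names are a simplified stand-in for real telemetry.

```python
"""Flag the CHM -> download -> FTP chain in simplified process/network telemetry."""
from collections import defaultdict

# Constructed sample events, not telemetry from the actual campaign.
# "payload.exe" and the 203.0.113.x / 198.51.100.x addresses are placeholders.
EVENTS = [
    {"type": "process", "pid": 100, "image": "outlook.exe", "ppid": 1},
    {"type": "process", "pid": 200, "image": "hh.exe", "ppid": 100},       # CHM attachment opened
    {"type": "network", "pid": 200, "image": "hh.exe", "dst_port": 443, "dst": "203.0.113.10"},
    {"type": "process", "pid": 300, "image": "payload.exe", "ppid": 200},  # downloaded stage
    {"type": "network", "pid": 300, "image": "payload.exe", "dst_port": 21, "dst": "203.0.113.20"},
    {"type": "process", "pid": 400, "image": "filezilla.exe", "ppid": 1},  # benign FTP client
    {"type": "network", "pid": 400, "image": "filezilla.exe", "dst_port": 21, "dst": "198.51.100.5"},
]

CHM_HANDLER = "hh.exe"          # renders .chm files; rarely needs the network
FTP_PORT = 21
KNOWN_FTP_CLIENTS = {"filezilla.exe", "ftp.exe", "winscp.exe"}  # assumed allow-list


def detect(events):
    """Return (rule, pid, detail) tuples for each suspicious observation."""
    alerts = []
    image_by_pid = {}
    children = defaultdict(list)

    # Pass 1: build the process tree so child processes can be attributed.
    for e in events:
        if e["type"] == "process":
            image_by_pid[e["pid"]] = e["image"]
            children[e["ppid"]].append(e["pid"])

    # Pass 2: network behaviour. The CHM handler contacting a URL, and FTP
    # traffic from anything that is not a known FTP client, are both unusual.
    for e in events:
        if e["type"] != "network":
            continue
        image = e["image"].lower()
        if image == CHM_HANDLER:
            alerts.append(("chm_handler_network", e["pid"], e["dst"]))
        if e["dst_port"] == FTP_PORT and image not in KNOWN_FTP_CLIENTS:
            alerts.append(("ftp_from_unexpected_process", e["pid"], e["dst"]))

    # Pass 3: the CHM handler spawning anything at all indicates a second stage.
    for pid, image in image_by_pid.items():
        if image.lower() == CHM_HANDLER:
            for child in children[pid]:
                alerts.append(("chm_handler_spawned_child", child, image_by_pid[child]))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

In production the same three rules map onto process-creation (parent image), network-connection (image, destination port) and, for FTP, proxy or firewall logs; the allow-list of FTP clients is the part that needs tuning per environment.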