
Cybercrime, new Agent Tesla campaign via CHM

Malware Hunter JAMESWT Technical Analysis

New Agent Tesla campaign delivered via CHM. The email's .gz attachment contains the CHM file, which contacts a URL to download and decrypt the malware. Stolen data is exfiltrated via FTP.

A fake purchase order carries a new AgentTesla campaign that is delivered through a CHM (Compiled HTML Help) file.

The email's .gz attachment contains the CHM, which, when opened, contacts a URL to download and decrypt the malware. The stolen data is then exfiltrated via FTP.
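The delivery chain above rests on a gzip attachment that unpacks to a CHM, a file type that has no business arriving as a "purchase order". A mail-gateway check for exactly that pattern is shown below. This is an added example for this article, not code from the campaign analysis or from its author: the attachment bytes are constructed inline (a minimal ITSF header wrapped in gzip), and the filenames are hypothetical. CHM files start with the magic `ITSF` followed by a little-endian 32-bit version number, which is the only format knowledge the check relies on.

```python
import gzip
import io
import struct
from dataclasses import dataclass

# Every Compiled HTML Help file begins with "ITSF" followed by the
# format version (3) as a little-endian 32-bit integer.
CHM_MAGIC = b"ITSF"
GZIP_MAGIC = b"\x1f\x8b"


@dataclass
class Verdict:
    filename: str
    is_gzip: bool          # outer container is gzip
    inner_magic: bytes     # first four bytes of the (decompressed) payload
    is_chm: bool           # payload is a CHM file


def inspect_attachment(filename: str, data: bytes, max_inner: int = 4096) -> Verdict:
    """Classify one attachment.

    If the bytes are gzip, only the first `max_inner` decompressed bytes are
    read, so a decompression bomb cannot exhaust memory. Corrupt or
    truncated archives yield an empty payload rather than an exception.
    """
    is_gzip = data[:2] == GZIP_MAGIC
    inner = data
    if is_gzip:
        try:
            with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
                inner = gz.read(max_inner)
        except (OSError, EOFError):
            inner = b""
    magic = inner[:4]
    return Verdict(filename, is_gzip, magic, magic == CHM_MAGIC)


def flag_chm_attachments(attachments: dict) -> list:
    """Return the names of attachments whose payload is a CHM, whether it
    arrives bare or hidden inside a gzip wrapper."""
    return [
        name for name, data in attachments.items()
        if inspect_attachment(name, data).is_chm
    ]


# --- constructed sample data (not real campaign artefacts) -----------------

# A minimal CHM-like header: magic, version 3, then padding. Real CHM files
# carry a full ITSF header and LZX-compressed content; the magic is enough
# for this check.
FAKE_CHM = CHM_MAGIC + struct.pack("<I", 3) + b"\x00" * 56

# Hypothetical mailbox: one lure archive, one harmless archive, one bare CHM.
SAMPLE_ATTACHMENTS = {
    "order.gz": gzip.compress(FAKE_CHM),
    "notes.txt.gz": gzip.compress(b"quarterly notes, nothing to see here\n"),
    "manual.chm": FAKE_CHM,
}


if __name__ == "__main__":
    for name, data in SAMPLE_ATTACHMENTS.items():
        print(inspect_attachment(name, data))
    print("flagged:", flag_chm_attachments(SAMPLE_ATTACHMENTS))
```

The extension is deliberately ignored: the verdict comes from the bytes, so renaming the lure to `.gz`, `.pdf.gz` or anything else does not change the result. Quarantining on `is_chm` (or on any gzip whose inner magic is an executable-type format) blocks this delivery vector before the CHM is ever opened.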

AgentTesla's keylogger function captures everything the user types. It can also steal credentials saved by browsers and email clients and take screenshots. Finally, it can execute commands issued remotely on the infected PC, such as downloading additional payloads or updating existing ones.
