
Cybercrime, new Agent Tesla campaign via fake DHL delivery confirmation

Technical analysis by the Malware Hunter JAMESWT

New Agent Tesla campaign via fake DHL delivery confirmation. The email carries a .cab attachment; inside it is an executable, the malware itself, which steals data and exfiltrates it via SMTP.

A fake DHL delivery confirmation carries the latest global Agent Tesla campaign. The email's compressed attachment, in .cab format, contains an executable file.

That executable is the malware itself: if it is opened, the infection chain starts. Once on the machine, it steals information, which it then exfiltrates via SMTP.
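As an added triage example (not part of JAMESWT's analysis or of the original article): a Python script that inspects an e-mail for a .cab attachment and lists the files named inside it without extracting or running anything, then flags any executable it finds. Cabinet file names live in uncompressed CFFILE entries, so a mail gateway can read them straight from the bytes. The message, the cabinet bytes and the file name DHL_Delivery_Confirmation.exe are constructed here for illustration and are not the campaign's real artifacts.

```python
"""Triage an e-mail for a .cab attachment and list the files inside it.

Added example, not code from the original article. The sample message,
the cabinet bytes and the file names are constructed for illustration.
"""
import email
import struct
from email import policy
from email.message import EmailMessage

EXECUTABLE_SUFFIXES = (".exe", ".scr", ".dll", ".com", ".pif")

# CFHEADER: signature, reserved1, cbCabinet, reserved2, coffFiles, reserved3,
# versionMinor, versionMajor, cFolders, cFiles, flags, setID, iCabinet (36 bytes)
CFHEADER = "<4sIIIIIBBHHHHH"
# CFFILE fixed part: cbFile, uoffFolderStart, iFolder, date, time, attribs (16 bytes),
# followed by a NUL-terminated file name
CFFILE = "<IIHHHH"


def cab_file_names(data: bytes) -> list[str]:
    """Return the file names listed in a Microsoft Cabinet's CFFILE table.

    Names are stored uncompressed, so nothing is decompressed or executed.
    Raises ValueError on a non-cabinet blob; struct.error on truncated data.
    """
    if data[:4] != b"MSCF":
        raise ValueError("not a cabinet file")
    fields = struct.unpack_from(CFHEADER, data, 0)
    coff_files, cfiles = fields[4], fields[9]
    names = []
    off = coff_files
    for _ in range(cfiles):
        struct.unpack_from(CFFILE, data, off)  # validates the fixed part exists
        off += struct.calcsize(CFFILE)
        end = data.index(b"\x00", off)
        names.append(data[off:end].decode("latin-1"))
        off = end + 1
    return names


def suspicious_cab_attachments(raw_message: bytes) -> list[tuple[str, list[str]]]:
    """Return (attachment_name, executables_inside) for each .cab that carries one."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if payload[:4] != b"MSCF":  # trust the magic bytes, not the extension
            continue
        try:
            inner = cab_file_names(payload)
        except (ValueError, struct.error):
            inner = []  # malformed cabinet: nothing listable, not flagged here
        execs = [n for n in inner if n.lower().endswith(EXECUTABLE_SUFFIXES)]
        if execs:
            findings.append((part.get_filename() or "", execs))
    return findings


def build_sample_cab(names: list[str]) -> bytes:
    """Constructed minimal cabinet: header, one CFFOLDER, CFFILE entries, no CFDATA.

    Nothing can be extracted from it; it only exercises the listing logic.
    """
    folder = struct.pack("<IHH", 0, 0, 0)  # coffCabStart, cCFData, typeCompress
    files = b"".join(
        struct.pack(CFFILE, 0, 0, 0, 0, 0, 0x20) + n.encode("latin-1") + b"\x00"
        for n in names
    )
    coff_files = struct.calcsize(CFHEADER) + len(folder)
    total = coff_files + len(files)
    header = struct.pack(CFHEADER, b"MSCF", 0, total, 0, coff_files, 0,
                         3, 1, 1, len(names), 0, 0, 0)
    return header + folder + files


def build_sample_message(cab: bytes) -> bytes:
    """Constructed lure message with the cabinet attached (addresses are invalid on purpose)."""
    msg = EmailMessage()
    msg["From"] = "noreply@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "DHL Delivery Confirmation"
    msg.set_content("Your parcel could not be delivered. See the attached confirmation.")
    msg.add_attachment(cab, maintype="application", subtype="vnd.ms-cab-compressed",
                       filename="DHL_Delivery_Confirmation.cab")
    return msg.as_bytes()


if __name__ == "__main__":
    raw = build_sample_message(build_sample_cab(["DHL_Delivery_Confirmation.exe"]))
    for attachment, execs in suspicious_cab_attachments(raw):
        print(f"FLAG {attachment}: executable(s) inside {execs}")
```

The check keys on the MSCF magic rather than the .cab extension, so a renamed attachment is still inspected; a cabinet that fails to parse is skipped here, but a gateway would normally quarantine it rather than pass it.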

Agent Tesla's keylogger function captures everything the user types. It can also steal browser and email-client credentials and take screenshots. Finally, its operator can issue commands to the infected PC remotely, such as downloading additional payloads or updating existing ones.
