Technical analysis by the Malware Hunter JAMESWT
New Agent Tesla campaign via a fake DHL delivery confirmation. The email carries a .cab attachment; inside is an .exe, the malware itself, which steals data and exfiltrates it via SMTP.
A fake DHL delivery confirmation carries the latest global Agent Tesla campaign. The email's compressed attachment, in .cab format, contains an executable file.
This executable is the malware itself, and if it is opened the infection chain is triggered. Once on the machine, it steals information and then exfiltrates it via SMTP.
Agent Tesla, through its keylogger function, is able to capture everything the user types. It can also steal credentials from browsers and email clients and take screenshots. Finally, it can execute commands issued remotely on the infected PC, such as downloading additional payloads or updating existing ones.
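A triage helper for the delivery chain described above, added here as an example rather than JAMESWT's own tooling: it pulls a .cab attachment out of an email, lists the cabinet's file table without extracting anything, and flags members with executable extensions. The message and cabinet it builds are constructed sample data; the sender, subject and file names are assumptions, not indicators from the campaign.

```python
# Added example (not the page's or JAMESWT's tooling); the e-mail and cabinet are constructed.
import struct
from email.message import EmailMessage

EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".dll")
CFHEADER = "<IIIIIBBHHHHH"   # the 32 bytes that follow the 'MSCF' signature
CFFILE = "<IIHHHH"           # cbFile, uoffFolderStart, iFolder, date, time, attribs; name follows

def list_cab_files(data):
    """Walk CFHEADER -> CFFILE table of an MS cabinet and return the member names (no extraction)."""
    if data[:4] != b"MSCF" or len(data) < 36:
        raise ValueError("not a cabinet file")
    _, _, _, coff_files, _, _, _, _, nfiles, flags, _, _ = struct.unpack_from(CFHEADER, data, 4)
    if flags & 0x0004:   # cfhdrRESERVE_PRESENT: extra header areas this helper does not model
        raise ValueError("cabinet with reserved areas; inspect manually")
    names, off = [], coff_files
    for _ in range(nfiles):
        off += struct.calcsize(CFFILE)            # skip the fixed part; NUL-terminated name next
        end = data.index(b"\0", off)
        names.append(data[off:end].decode("latin-1"))   # simplification: ignores the UTF-8 name flag
        off = end + 1
    return names

def triage_message(msg):
    """Return [(attachment name, members, executable members)] for every .cab attachment."""
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if fname.lower().endswith(".cab"):
            members = list_cab_files(part.get_payload(decode=True))
            findings.append((fname, members, [m for m in members if m.lower().endswith(EXEC_EXT)]))
    return findings

def build_sample_cab(names):
    """Constructed minimal cabinet: one folder, the given members, no CFDATA blocks."""
    folder = struct.pack("<IHH", 0, 0, 0)          # coffCabStart, cCFData, typeCompress
    table = b"".join(struct.pack(CFFILE, 4096, 0, 0, 0, 0, 0x20) + n.encode() + b"\0" for n in names)
    coff_files = 36 + len(folder)
    header = b"MSCF" + struct.pack(CFHEADER, 0, coff_files + len(table), 0, coff_files, 0,
                                   3, 1, 1, len(names), 0, 0, 0)
    return header + folder + table

def build_sample_message():
    """Constructed lookalike of the lure: a fake delivery confirmation carrying a .cab."""
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = "DHL Delivery Confirmation", "notify@example.invalid", "user@example.invalid"
    msg.set_content("Your shipment confirmation is attached.")
    msg.add_attachment(build_sample_cab(["Shipment_Confirmation.exe"]), maintype="application",
                       subtype="vnd.ms-cab-compressed", filename="DHL_Confirmation.cab")
    return msg
```

Feed a real message with `email.message_from_bytes(raw, policy=email.policy.default)` in place of the constructed one; a .cab whose only member is an executable is the signature of this lure.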