
Cybercrime, new Agent Tesla campaign via request for quotation (RFQ)

Technical analysis by the Malware Hunter JAMESWT

New Agent Tesla campaign via request for quotation (RFQ). The email's gz attachment contains an exe: the malware itself. It steals data and exfiltrates it via FTP.

A false request for quotations (RFQ) conveys the latest Agent Tesla global cybercrime campaign. The compressed email attachment in gz format contains an exe file, the malware itself.

Opening the executable triggers the infection. Once on the machine, the malware steals information and then exfiltrates it via FTP.

Agent Tesla, through its keylogger function, is able to capture everything the user types. It can also steal email and browser credentials and take screenshots. Finally, it can receive remote commands on the infected PC, such as downloading additional payloads or updating existing ones.
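The delivery chain described above (a gz attachment that wraps a bare exe) is something a mail gateway or triage script can catch before a user ever opens it. The following Python is an added example written for this page, not code from the article or from the analyst it cites: it decompresses a gzip attachment with a size bound, checks whether the inner bytes carry a Windows PE header (the "MZ" stub plus the "PE\0\0" signature at e_lfanew), and returns a verdict. The attachment names, the 64 MiB decompression limit and the sample blobs are constructed for the demonstration; the fake PE is a header-only stub, not a real program.

```python
import gzip
import io
import struct

# Assumption: 64 MiB is enough for triage; the bound keeps a crafted
# archive from exhausting memory during decompression.
MAX_DECOMPRESSED = 64 * 1024 * 1024


def gunzip_bounded(data: bytes, limit: int = MAX_DECOMPRESSED) -> bytes:
    """Decompress a gzip blob but refuse output larger than `limit` bytes."""
    with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
        out = gz.read(limit + 1)
    if len(out) > limit:
        raise ValueError("decompressed content exceeds triage limit")
    return out


def is_pe(payload: bytes) -> bool:
    """True if the bytes carry a Windows PE (exe/dll) header."""
    if len(payload) < 0x40 or payload[:2] != b"MZ":
        return False
    # e_lfanew at offset 0x3C points at the "PE\0\0" signature.
    e_lfanew = struct.unpack_from("<I", payload, 0x3C)[0]
    return payload[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def triage_attachment(filename: str, data: bytes) -> dict:
    """Classify one attachment: is it, or does it wrap, a PE executable?"""
    verdict = {
        "filename": filename,
        "container": None,
        "executable_inside": False,
        "reasons": [],
    }
    if data[:2] == b"\x1f\x8b":  # gzip magic bytes
        verdict["container"] = "gzip"
        try:
            inner = gunzip_bounded(data)
        except (OSError, EOFError, ValueError) as exc:
            verdict["reasons"].append(f"gzip decode failed: {exc}")
            return verdict
        if is_pe(inner):
            verdict["executable_inside"] = True
            verdict["reasons"].append("gzip wraps a PE executable")
    elif is_pe(data):
        verdict["executable_inside"] = True
        verdict["reasons"].append("bare PE executable")
    return verdict


def build_fake_pe() -> bytes:
    """Constructed sample: header bytes that satisfy is_pe, not a runnable program."""
    hdr = bytearray(b"MZ" + b"\x00" * 0x3E)        # 0x40-byte DOS header
    struct.pack_into("<I", hdr, 0x3C, 0x40)        # e_lfanew -> offset 0x40
    hdr += b"PE\x00\x00" + b"\x00" * 20            # PE signature + padding
    return bytes(hdr)


# Constructed attachments: one mimics the campaign (gz wrapping an exe),
# the other is a harmless compressed text file.
SAMPLE_GZ_EXE = gzip.compress(build_fake_pe())
SAMPLE_GZ_TEXT = gzip.compress(b"Dear sir, please find our quotation attached.\n")

if __name__ == "__main__":
    for name, blob in [("RFQ.gz", SAMPLE_GZ_EXE), ("quote.txt.gz", SAMPLE_GZ_TEXT)]:
        print(triage_attachment(name, blob))
```

In production this check would sit alongside a rule that quarantines any gz attachment whose decompressed content is a PE, since a legitimate quotation has no reason to arrive as a compressed executable.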
