
Cybercrime, new AgentTesla campaign via double invoice

Technical analysis by the Malware Hunter JAMESWT

New AgentTesla campaign via double invoice. The email .gz attachment contains an .exe: the malware itself. The stolen data is then exfiltrated over FTP.

AgentTesla is back in a new global campaign with a double invoice theme.

The email .gz attachment contains an .exe: the malware itself. If it is opened, it starts the infection chain. Once the malware is installed on the victim’s computer, the data it steals is exfiltrated by the cybercrime actors over FTP.

Agent Tesla, in fact, through its keylogger function, is able to capture everything the user types. Furthermore, it can steal credentials from browsers and email clients and take screenshots. Finally, it can execute commands issued remotely on the infected PC, such as downloading additional payloads or updating existing ones.
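The two observable points in this campaign description are the .gz attachment that wraps an executable and the FTP exfiltration channel. The following is an added example, not code from the article or from JAMESWT, showing defender-side checks for both: it decompresses a gzip attachment in memory and tests whether the inner file is a Windows PE regardless of its file name, and it scans firewall log lines for outbound FTP from workstation subnets. The log format, the workstation prefix `10.10.`, and the "fake PE" bytes are all constructed for the example.

```python
"""Added example (not from the original article): two defender-side checks
suggested by the campaign description.

1. attachment_hides_executable(): decompress a .gz mail attachment in memory
   and report whether the payload is a Windows PE (MZ header + 'PE\\0\\0').
2. flag_ftp_from_workstations(): scan constructed firewall log lines for
   outbound tcp/21 from workstation subnets, which matches the exfiltration
   channel described and is unusual for end-user machines in most networks.

All sample data below is constructed for the example.
"""
import gzip
import io
import struct

PE_MAGIC = b"MZ"
# Hypothetical workstation address space used by the sample logs.
WORKSTATION_PREFIXES = ("10.10.",)


def looks_like_pe(blob: bytes) -> bool:
    """True if blob has an MZ header and e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    if len(blob) < 0x40 or blob[:2] != PE_MAGIC:
        return False
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    return blob[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def attachment_hides_executable(gz_bytes: bytes, max_size: int = 50 * 1024 * 1024) -> bool:
    """Decompress a gzip attachment in memory, bounded so a decompression bomb
    cannot exhaust RAM, and check whether the inner file is a PE executable."""
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(gz_bytes)) as fh:
            inner = fh.read(max_size + 1)
    except (OSError, EOFError):
        return False  # not a valid gzip stream at all
    if len(inner) > max_size:
        return True  # oversized payload: flag rather than silently pass
    return looks_like_pe(inner)


def make_gz_attachment(payload: bytes) -> bytes:
    """Helper for the demo: wrap a payload in gzip the way the mail attachment is."""
    return gzip.compress(payload)


def make_fake_pe() -> bytes:
    """Constructed minimal PE-like byte string (MZ header, e_lfanew -> 'PE\\0\\0').
    It is not executable; it only carries the headers the check looks for."""
    header = bytearray(0x80)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    header[0x40:0x44] = b"PE\0\0"
    return bytes(header)


def flag_ftp_from_workstations(log_lines):
    """Return (src, dst) pairs for outbound tcp/21 connections from workstation subnets.
    Constructed log format: 'src=IP dst=IP proto=tcp dport=N action=ALLOW'."""
    hits = []
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split())
        if (fields.get("proto") == "tcp"
                and fields.get("dport") == "21"
                and fields.get("src", "").startswith(WORKSTATION_PREFIXES)):
            hits.append((fields["src"], fields["dst"]))
    return hits


# Constructed sample log lines: one FTP session from a workstation, one HTTPS
# session from the same host, one FTP session from a non-workstation range.
SAMPLE_LOGS = [
    "src=10.10.5.23 dst=203.0.113.7 proto=tcp dport=21 action=ALLOW",
    "src=10.10.5.23 dst=203.0.113.7 proto=tcp dport=443 action=ALLOW",
    "src=10.20.0.4 dst=198.51.100.9 proto=tcp dport=21 action=ALLOW",
]

if __name__ == "__main__":
    invoice_gz = make_gz_attachment(make_fake_pe())
    print("gz attachment hides PE:", attachment_hides_executable(invoice_gz))
    print("FTP from workstations:", flag_ftp_from_workstations(SAMPLE_LOGS))
```

The attachment check deliberately ignores the file name inside the archive and the attachment's declared MIME type, since both are attacker-controlled; the bounded read is the caveat worth keeping when this runs on a mail gateway.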
