The email rar attachment contains an exe file: the malware itself.
Malware Hunter JAMESWT Technical Analysis
New AgentTesla DHL-themed campaign via Guloader. The Gz attachment of a fake courier email contains an exe: the loader, which contacts another URL and downloads the final malware.
“#DHL Air Waybill Number: 290132731” is the subject of a fake email purporting to come from the courier, which delivers a new AgentTesla campaign via Guloader.
The Gz attachment contains an exe: the loader, which contacts another URL and downloads the final malware.
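The lure described above (a .gz attachment wrapping a Windows executable) can be caught at the mail gateway before the loader ever runs. The following is an added example, not code from the original analysis: it parses a constructed message with the same DHL-themed subject, decompresses any gzip attachment and flags it when the decompressed content starts with the PE "MZ" header. Filenames, addresses and the fake executable bytes are constructed placeholders.

```python
import email
import gzip
import io
from email import policy
from email.message import EmailMessage
from typing import Dict, List, Optional

# Magic bytes of a Windows PE executable (DOS "MZ" header).
PE_MAGIC = b"MZ"
GZIP_MAGIC = b"\x1f\x8b"


def extract_gz_payload(data: bytes) -> Optional[bytes]:
    """Decompress the start of a gzip blob; return None if it is not valid gzip."""
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
            return gz.read(4096)  # the first bytes are enough to classify the content
    except (OSError, EOFError):
        return None


def find_exe_in_gz_attachments(raw_message: bytes) -> List[Dict[str, str]]:
    """Return one finding per gzip attachment whose decompressed content is a PE file."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Check the magic bytes too, so a renamed archive is not missed.
        if not name.lower().endswith(".gz") and payload[:2] != GZIP_MAGIC:
            continue
        inner = extract_gz_payload(payload)
        if inner is not None and inner.startswith(PE_MAGIC):
            findings.append({"subject": msg["subject"], "attachment": name,
                             "reason": "gzip archive wraps a PE executable"})
    return findings


def build_sample_message() -> bytes:
    """Constructed test mail mimicking the lure: DHL-themed subject, .gz wrapping an 'exe'."""
    fake_exe = PE_MAGIC + b"\x90" * 62 + b"constructed placeholder, not real malware"
    msg = EmailMessage()
    msg["From"] = "noreply@example.invalid"  # constructed sender
    msg["To"] = "recipient@example.invalid"  # constructed recipient
    msg["Subject"] = "#DHL Air Waybill Number: 290132731"
    msg.set_content("Please find attached the shipping document.")
    msg.add_attachment(gzip.compress(fake_exe), maintype="application",
                       subtype="gzip", filename="DHL_AWB_290132731.gz")  # constructed name
    return msg.as_bytes()


if __name__ == "__main__":
    for hit in find_exe_in_gz_attachments(build_sample_message()):
        print(hit)
```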
AgentTesla's keylogger component captures everything the user types. It can also steal emails and credentials from the browser and take screenshots. Finally, it can receive remote commands on the infected PC, such as downloading additional payloads or updating existing ones.