Cybercrime, new double AgentTesla global campaign
Malware Hunter JAMESWT Technical Analysis
Double AgentTesla global campaign: the RAR and R00 attachments of two different emails contain the same EXE file, the malware itself. Stolen data is exfiltrated via SMTP.
Double global AgentTesla campaign, delivered by email with the subjects “RE: OUTSTANDING STATEMENT” and “RE: ENQUIRY ORDER”.
The compressed attachments, a .rar and a .r00 respectively, contain the same EXE file: the malware. The stolen data is then exfiltrated via SMTP.
AgentTesla, through its keylogger function, is able to capture everything the user types. It can also steal credentials saved in browsers and email clients and take screenshots. Finally, it can receive commands remotely on the infected PC, such as downloading additional payloads or updating the ones already present.
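The delivery described above (a .rar or a split-volume .r00 carrying the same EXE) is the point a mail gateway can catch it. The following is an added example, not code from the page or from JAMESWT's analysis: a small triage routine that flags archive attachments by extension or by RAR magic bytes and matches the two campaign subjects; the regex of extensions and the sample message are my own constructions.

```python
import base64
import email
import re
from email import policy

# Subjects reported for this campaign (taken from the page).
CAMPAIGN_SUBJECTS = {"RE: OUTSTANDING STATEMENT", "RE: ENQUIRY ORDER"}
# Archive extensions, including RAR split volumes (.r00, .r01, ...), which a
# filter that only looks for ".rar" misses. List chosen for this example.
ARCHIVE_EXT = re.compile(r"\.(rar|r\d{2}|zip|7z|iso|img)$", re.IGNORECASE)
# Common prefix of the RAR4 and RAR5 file signatures.
RAR_MAGIC = b"Rar!\x1a\x07"

def triage_message(raw: bytes) -> dict:
    """Return subject match, suspicious attachments and a verdict for one raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = " ".join((msg["subject"] or "").split())
    findings = {"subject_match": subject.upper() in CAMPAIGN_SUBJECTS,
                "suspicious_attachments": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        ext_hit = bool(ARCHIVE_EXT.search(name))
        magic_hit = payload.startswith(RAR_MAGIC)
        # Either signal is enough: a RAR body under a harmless-looking name still counts.
        if ext_hit or magic_hit:
            findings["suspicious_attachments"].append(
                {"filename": name, "ext_match": ext_hit, "rar_magic": magic_hit})
    if findings["suspicious_attachments"] and findings["subject_match"]:
        findings["verdict"] = "quarantine"
    elif findings["suspicious_attachments"]:
        findings["verdict"] = "review"
    else:
        findings["verdict"] = "pass"
    return findings

# Constructed sample mimicking the campaign's shape; the attachment is only a
# RAR header followed by padding, not a real archive.
SAMPLE = (b"From: sender@example.invalid\r\nTo: victim@example.invalid\r\n"
          b"Subject: RE: ENQUIRY ORDER\r\nMIME-Version: 1.0\r\n"
          b"Content-Type: multipart/mixed; boundary=\"b1\"\r\n\r\n"
          b"--b1\r\nContent-Type: text/plain\r\n\r\nPlease see attached.\r\n"
          b"--b1\r\nContent-Type: application/octet-stream; name=\"order.r00\"\r\n"
          b"Content-Disposition: attachment; filename=\"order.r00\"\r\n"
          b"Content-Transfer-Encoding: base64\r\n\r\n"
          + base64.b64encode(b"Rar!\x1a\x07\x00" + b"\x00" * 16) + b"\r\n--b1--\r\n")

if __name__ == "__main__":
    print(triage_message(SAMPLE))
```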