Malware Hunter JAMESWT Technical Analysis

Double AgentTesla global campaign. The rar and r00 attachments of two different emails contain the same exe file: the malware. Stolen data is exfiltrated via smtp

Double global AgentTesla global campaign via email with the subject “RE: OUTSTANDING STATEMENT” and “RE: ENQUIRY ORDER”.

The compressed attachments, rar and r00 respectively, contain the same exe file – malware. The stolen files are then exfiltrated via smtp.

AgentTesla, through the keylogger function, is able to acquire everything the user types. Furthermore, it can steal browser emails and credentials and take screenshots. Finally, it has the ability to remotely issue commands on the infected PC, such as downloading additional payloads or updating existing ones.