Malware Hunter JAMESWT Technical Analysis
“NEW ORDER” is the subject line of an email that delivers a new AgentTesla campaign. The zip attachment contains an exe file, which is the malware itself; the stolen data is exfiltrated via SMTP.
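The two observables above (a zip attachment carrying an executable, and stolen data leaving over SMTP) are both cheap to check for at a mail gateway or in network flow logs. The following is an added example, not code from the page or from JAMESWT's analysis; the zip contents, the fake PE blob, the flow records, and the relay host names are all constructed here for illustration.

```python
"""Defender-side checks for the pattern described above:
a zip attachment containing a Windows executable, and SMTP traffic
from a host that is not a sanctioned mail relay.
All sample data below is constructed for this example."""
import io
import zipfile

# Assumption: a typical gateway blocklist of executable/script extensions.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1"}

# Ports an SMTP exfiltration channel would normally use.
SMTP_PORTS = {25, 465, 587}

# Assumption: the only hosts allowed to speak SMTP to the outside.
MAIL_RELAYS = {"mail-relay-01"}


def is_pe_image(data: bytes) -> bool:
    """True if the bytes start with a DOS 'MZ' stub whose e_lfanew points at a 'PE\\0\\0' signature.
    Content-based, so a renamed .exe is still caught."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def inspect_zip_attachment(zip_bytes: bytes) -> list[dict]:
    """Return one finding per archive member that is executable by extension or by content."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
            with zf.open(info) as member:
                head = member.read(4096)  # enough for the DOS stub and the PE signature
            reasons = []
            if ext in EXECUTABLE_EXTENSIONS:
                reasons.append(f"executable extension {ext}")
            if is_pe_image(head):
                reasons.append("PE image by content")
            if reasons:
                findings.append({"member": name, "reasons": reasons})
    return findings


def flag_direct_smtp(flows: list[dict], mail_relays: set = MAIL_RELAYS) -> list[dict]:
    """Connection records on SMTP ports whose source is not a sanctioned relay.
    A workstation talking SMTP directly is the shape of the exfiltration described above."""
    return [f for f in flows if f["dport"] in SMTP_PORTS and f["src"] not in mail_relays]


def build_fake_pe() -> bytes:
    """Constructed minimal MZ/PE header (not a real executable) for the sample archive."""
    header = bytearray(0x40)
    header[0:2] = b"MZ"
    header[0x3C:0x40] = (0x40).to_bytes(4, "little")  # e_lfanew -> PE signature right after the stub
    return bytes(header) + b"PE\0\0" + b"\0" * 64


def build_sample_attachment() -> bytes:
    """Constructed zip: an .exe, a PE disguised as .pdf, and a benign text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("NEW ORDER.exe", build_fake_pe())
        zf.writestr("invoice.pdf", build_fake_pe())
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()


# Constructed flow records: (source host, destination, destination port).
SAMPLE_FLOWS = [
    {"src": "ws-042", "dst": "203.0.113.25", "dport": 587},
    {"src": "mail-relay-01", "dst": "203.0.113.25", "dport": 25},
    {"src": "ws-042", "dst": "198.51.100.7", "dport": 443},
]


if __name__ == "__main__":
    for finding in inspect_zip_attachment(build_sample_attachment()):
        print("attachment:", finding)
    for flow in flag_direct_smtp(SAMPLE_FLOWS):
        print("direct SMTP:", flow)
```

The content check matters more than the extension check: the campaign ships a plain exe, but the same gateway rule should also catch a renamed binary, which is why `is_pe_image` follows `e_lfanew` rather than trusting the file name. The flow check is deliberately coarse; in practice you would scope it to egress flows and exclude any other hosts legitimately allowed to relay mail.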
AgentTesla's keylogger function captures everything the user types. It can also steal credentials stored by browsers and email clients and take screenshots. Finally, it accepts remote commands on the infected PC, such as downloading additional payloads or updating existing ones.