Purchase order from Spain bait for AgentTesla. The fake pdf attached to the “PURCHASE ORDER 05-30-2023” email contains a link, from which you download a tgz file with a TAR, inside which there is an exe: the malware

A purchase order is the bait for a new AgentTesla campaign, which passes through Spain.

The fake pdf document attached to the “PURCHASE ORDER 05-30-2023” email contains the https://www.mediafire.com/file/t9xsunynmisyk8k/PURCHASE+ORDER.tgz/file link, from which you download a tgz compressed file with a TAR, inside which there is an exe: the malware. Stolen data is exfiltrated via Telegram API.

AgentTesla, through the keylogger function, can capture everything the user types. Also, it can steal emails and browser credentials and take screenshots. Finally, it has the ability to remotely issue commands to the infected PC, such as downloading additional payloads or updating existing ones.