RFQ from Turkey carries AgentTesla and zgRAT. The zip attachment contains an exe file: the first malware, which downloads the second. The stolen data is then exfiltrated via SMTP

An RFQ of products from Turkey is the bait for a new AgentTesla and zgRAT campaign.

The zip attachment contains an exe file: the first malware which, via Powershell, downloads the second. The stolen data is then exfiltrated via SMTP.

AgentTesla, through the keylogger function, is able to acquire everything the user types. Also, it can steal emails and browser credentials and take screenshots. Finally, it has the ability to remotely issue commands to the infected PC, such as downloading additional payloads or updating existing ones.