Technical analysis by the Malware Hunter JAMESWT
Second Agent Tesla campaign in one day. The zip attachment contains an exe: the malware itself, which exfiltrates data via SMTP. Host and credentials are the same as those on the purchase order from Dubai.
Second Agent Tesla campaign in a single day. The bait this time is a fake SWIFT transfer.
The email's zip attachment contains an exe file: the malware itself. If opened, it starts the infection. Once on the machine, it steals information and exfiltrates it via SMTP.
Moreover, the SMTP host and credentials are the same as those used by today's campaign themed on purchase orders from Dubai, so it is plausible that this is a single wave using different baits and attachments. Through its keylogger function, Agent Tesla captures everything the user types; it can also steal credentials saved in browsers and email clients, and take screenshots. Finally, it can receive commands remotely on the infected PC, such as downloading additional payloads or updating existing ones. From a defender's point of view, the SMTP exfiltration is the useful pivot: the same mail host and account across samples ties separate lures to one operator, and outbound SMTP from an ordinary user process is a detection opportunity in its own right.
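The correlation JAMESWT describes (same SMTP host and credentials across two lures) can be automated once the exfiltration sessions are captured. The following Python script is an added example, not code from the original analysis or from JAMESWT; it assumes SMTP sessions are available as plain-text transcripts (for instance exported from a sandbox pcap), parses the `AUTH LOGIN` and `AUTH PLAIN` exchanges to recover the mail host and account, and groups samples that share them. The hostnames, credentials and sample names are constructed for the example and are not the real campaign's indicators, which this page does not list.

```python
import base64
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed SMTP transcripts (hypothetical hosts, mailboxes and passwords)
# modelled on what an info-stealer does when it mails out stolen data:
# banner, EHLO, AUTH, then a message to the operator's own mailbox.
SESSIONS: Dict[str, str] = {
    "fake_swift.exe": """\
220 mail.host-a.test ESMTP ready
EHLO DESKTOP-PC
250 AUTH LOGIN PLAIN
AUTH LOGIN
334 VXNlcm5hbWU6
Ym9iQGhvc3QudGVzdA==
334 UGFzc3dvcmQ6
UGFzczEyMyE=
235 2.7.0 Authentication successful
MAIL FROM:<bob@host.test>
250 OK
QUIT
""",
    "purchase_order.exe": """\
220 mail.host-a.test ESMTP ready
EHLO WORKSTATION
250 AUTH LOGIN PLAIN
AUTH LOGIN Ym9iQGhvc3QudGVzdA==
334 UGFzc3dvcmQ6
UGFzczEyMyE=
235 2.7.0 Authentication successful
QUIT
""",
    "unrelated.exe": """\
220 smtp.host-b.test ESMTP
EHLO PC
250 AUTH LOGIN PLAIN
AUTH PLAIN
334
AGpvZUBvdGhlci50ZXN0AGh1bnRlcjI=
235 OK
QUIT
""",
}


@dataclass(frozen=True)
class SmtpCreds:
    host: str
    username: str
    password: str


# Server replies start with a three-digit code; everything else is the client.
_SERVER_RE = re.compile(r"^\d{3}([ -]|$)")


def _b64(s: str) -> str:
    return base64.b64decode(s.strip()).decode("utf-8", errors="replace")


def _next_client(lines: List[str], i: int) -> int:
    """Index of the first client line strictly after position i."""
    j = i + 1
    while j < len(lines) and _SERVER_RE.match(lines[j]):
        j += 1
    return j


def parse_smtp_auth(transcript: str) -> Optional[SmtpCreds]:
    """Recover host and credentials from an SMTP session transcript.

    Handles AUTH LOGIN (with or without the username sent inline) and
    AUTH PLAIN (RFC 4616 blob, inline or after the 334 challenge).
    Returns None if no authentication is present or the session is cut short.
    """
    lines = [l.strip() for l in transcript.splitlines() if l.strip()]
    host = "?"
    for i, line in enumerate(lines):
        if line.startswith("220") and host == "?":
            parts = line.split()
            host = parts[1] if len(parts) > 1 else "?"
        words = line.split()
        if not words or words[0].upper() != "AUTH":
            continue
        mech = words[1].upper() if len(words) > 1 else ""
        args = words[2:]  # initial response, if the client sent one
        if mech == "LOGIN":
            j = i if args else _next_client(lines, i)
            if j >= len(lines):
                return None
            user_b64 = args[0] if args else lines[j]
            k = _next_client(lines, j)
            if k >= len(lines):
                return None
            return SmtpCreds(host, _b64(user_b64), _b64(lines[k]))
        if mech == "PLAIN":
            j = _next_client(lines, i)
            if not args and j >= len(lines):
                return None
            blob = args[0] if args else lines[j]
            fields = base64.b64decode(blob).split(b"\0")
            if len(fields) < 2:
                return None
            # [authzid] NUL authcid NUL password
            return SmtpCreds(host, fields[-2].decode(errors="replace"),
                             fields[-1].decode(errors="replace"))
    return None


def cluster_by_exfil_account(sessions: Dict[str, str]) -> Dict[Tuple[str, str], List[str]]:
    """Group samples whose exfiltration uses the same mail host and mailbox."""
    clusters: Dict[Tuple[str, str], List[str]] = defaultdict(list)
    for name, transcript in sessions.items():
        creds = parse_smtp_auth(transcript)
        key = (creds.host, creds.username) if creds else ("unknown", "unknown")
        clusters[key].append(name)
    return dict(clusters)


if __name__ == "__main__":
    for key, names in cluster_by_exfil_account(SESSIONS).items():
        print(f"{key[0]} / {key[1]}: {', '.join(names)}")
```

The cluster key deliberately uses host and mailbox rather than the password, since operators rotate passwords more often than the drop mailbox; the recovered password is still worth keeping for takedown requests to the mail provider.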