
Cybercrime, second Agent Tesla campaign in one day

Technical analysis by the Malware Hunter JAMESWT

Second Agent Tesla campaign in one day. The zip attachment contains an exe: the malware itself, which exfiltrates stolen data via SMTP. The SMTP host and credentials are the same as those used in the purchase-order campaign from Dubai.

Second Agent Tesla campaign in a single day. The bait this time is a fake SWIFT transfer.

The email's zip attachment contains an exe file: the malware itself. If opened, it starts the infection. Once on the machine, it steals information and exfiltrates it via SMTP.

Moreover, the SMTP host and credentials are the same as those used by today's other campaign, themed around purchase orders from Dubai. It is therefore plausible that this is a single wave using several kinds of bait and attachments. Agent Tesla's keylogger captures everything the user types. It can also steal credentials saved by browsers and email clients, and take screenshots. Finally, it can execute commands sent remotely to the infected PC, such as downloading additional payloads or updating existing ones.
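The reasoning above, that two campaigns with different lures but the same SMTP exfiltration host and credentials are likely one wave, is the kind of pivot an analyst can automate once the SMTP configuration has been extracted from each sample. The following is an added example, not code from the original article or from the analyst it cites: it groups sample records by their exfiltration endpoint rather than by lure or attachment name. All sample data (hashes, hostnames, usernames, passwords, lure names) is constructed for illustration and does not reproduce any real indicator from these campaigns.

```python
"""Group malware samples by their SMTP exfiltration endpoint.

Added example; the records below are constructed placeholders, not
indicators from the Agent Tesla campaigns described in the article.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class SmtpExfilConfig:
    """SMTP settings recovered from a sample's configuration."""
    host: str
    port: int
    username: str
    password: str


@dataclass(frozen=True)
class Sample:
    sha256: str        # hypothetical hash, constructed
    lure: str          # email theme used as bait
    attachment: str    # attachment name as delivered
    config: SmtpExfilConfig


def exfil_key(cfg: SmtpExfilConfig) -> tuple:
    """Pivot key: host and credentials together.

    Host alone is not enough, since many unrelated actors abuse the
    same mail provider; the account (username + password) is what
    ties samples to one operator. Host and username are compared
    case-insensitively; the password is compared exactly.
    """
    return (cfg.host.lower(), cfg.port, cfg.username.lower(), cfg.password)


def cluster_by_exfil(samples: list) -> dict:
    """Map each distinct exfiltration endpoint to the samples using it."""
    clusters = defaultdict(list)
    for s in samples:
        clusters[exfil_key(s.config)].append(s)
    return dict(clusters)


def same_wave(a: Sample, b: Sample) -> bool:
    """True when two samples report to the same SMTP account."""
    return exfil_key(a.config) == exfil_key(b.config)


def summarize(samples: list) -> list:
    """One row per cluster: endpoint, sample count, distinct lures/attachments."""
    rows = []
    for key, members in cluster_by_exfil(samples).items():
        rows.append({
            "host": key[0],
            "username": key[2],
            "samples": len(members),
            "lures": sorted({m.lure for m in members}),
            "attachments": sorted({m.attachment for m in members}),
        })
    return sorted(rows, key=lambda r: -r["samples"])


# Constructed records: two lures sharing one SMTP account, plus a third
# sample on the same mail host but with a different account.
SHARED = SmtpExfilConfig("mail.example.invalid", 587, "drop@example.invalid", "p4ss")
OTHER = SmtpExfilConfig("MAIL.example.invalid", 587, "other@example.invalid", "zzzz")

SAMPLES = [
    Sample("a" * 64, "purchase order (Dubai)", "PO_0001.zip", SHARED),
    Sample("b" * 64, "SWIFT transfer", "SWIFT_COPY.zip", SHARED),
    Sample("c" * 64, "invoice", "invoice.zip", OTHER),
]

if __name__ == "__main__":
    for row in summarize(SAMPLES):
        print(row)
```

Running the script shows the purchase-order and SWIFT samples collapse into one cluster with two distinct lures and attachment names, while the third sample stays separate despite using the same mail host, because its credentials differ. In practice the `SmtpExfilConfig` values would come from a config extractor or sandbox report rather than being typed in by hand.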
