The cybersecurity researcher and malware hunter, JAMESWT: The “RFQ Metabo.r00” attachment contains an exe: malware.
StormKitty/SnakeKeylogger campaign via Garanti BBVA. Two identical “Hesap hareketleriniz” emails contain the same r01 attachment, inside which there is an exe file: the malware. Stolen data is exfiltrated via the Telegram API.
A fake IBAN transfer from Garanti BBVA, which arrived as two identical emails, is the bait for a StormKitty/SnakeKeylogger campaign.
The two identical “Hesap hareketleriniz” messages contain the same compressed attachment (r01), inside which there is an exe file: the malware. Stolen data is exfiltrated via Telegram API.
Indeed, SnakeKeylogger and StormKitty are two info-stealers capable of acquiring information through various methods.
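As an added example (not from the original article or from the researcher), the Telegram API exfiltration described above can be hunted for in web-proxy logs by grouping Bot API requests per client. The log format, client names and bot token below are constructed, and the sketch assumes a TLS-inspecting proxy that records full URLs.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log (not campaign data): time, client, verb, URL, bytes sent.
# The bot token is a made-up placeholder.
SAMPLE_LOG = """\
2024-01-01T09:00:01Z WS-017 GET https://www.example.com/index.html 512
2024-01-01T09:02:10Z WS-017 POST https://api.telegram.org/bot1111111111:AAEXAMPLEEXAMPLEEXAMPLEEXAMPLE00000/sendDocument?chat_id=1 48213
2024-01-01T09:02:40Z WS-017 POST https://api.telegram.org/bot1111111111:AAEXAMPLEEXAMPLEEXAMPLEEXAMPLE00000/sendMessage 920
2024-01-01T09:05:00Z WS-042 GET https://telegram.org/apps 300
2024-01-01T09:06:00Z WS-042 GET https://api.telegram.org.example.net/bot1:x/sendMessage 10
"""

# Bot API paths look like /bot<numeric id>:<secret>/<method>
BOT_PATH = re.compile(r"^/bot(\d+):[A-Za-z0-9_-]+/(\w+)")


def find_telegram_bot_traffic(log_text):
    """Group Telegram Bot API requests by client; the token secret is never kept."""
    hits = defaultdict(lambda: {"bot_ids": set(), "methods": set(), "bytes_out": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip malformed lines
        _ts, client, _verb, url, size = parts
        target = urlsplit(url)
        # Exact host match so look-alike domains are not counted.
        if (target.hostname or "").lower() != "api.telegram.org":
            continue
        match = BOT_PATH.match(target.path)
        if not match:
            continue
        entry = hits[client]
        entry["bot_ids"].add(match.group(1))
        entry["methods"].add(match.group(2))
        entry["bytes_out"] += int(size)
    return dict(hits)


if __name__ == "__main__":
    for client, info in find_telegram_bot_traffic(SAMPLE_LOG).items():
        print(client, sorted(info["bot_ids"]), sorted(info["methods"]), info["bytes_out"])
```

A hit is a lead for triage, since legitimate automation also uses the Bot API; a workstation that has no business reason to talk to it and uploads documents shortly after opening an archive attachment deserves a closer look.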