
Cybercrime, the Agent Tesla campaign via purchase orders is back on track

Technical analysis by the Malware Hunter JAMESWT

The Agent Tesla campaign via purchase orders returns to the office after a day off. The email's zip attachment contains an exe file, the malware itself, which steals information and exfiltrates it, this time via email.

The global Agent Tesla campaign returns after a day off. The lure is, as always, a fake email purporting to come from a real company and concerning a purchase order.

The compressed attachment, in zip format, contains an exe file, the malware itself. If opened, it starts the infection chain. Once inside the target machine, it steals information and exfiltrates it, this time via email.
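As an added defender-side example (not code from the original article), the following gateway-style check opens a zip attachment in memory and flags the pattern described above: an executable inside the archive, identified by its PE magic and not only by its file extension. The sample archive, its entry names and the fake "MZ" stub are all constructed here.

```python
import io
import zipfile

# Constructed sample: an in-memory zip mimicking the lure (an exe wrapped in a
# zip attachment). The "exe" body is a fake PE stub (MZ magic only), not malware.
def build_sample_zip() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Purchase_Order_4471.pdf.exe", b"MZ" + b"\x00" * 62 + b"PE\x00\x00")
        zf.writestr("notes.txt", b"please see attached order")
    return buf.getvalue()

# Extensions Windows will execute directly (hypothetical policy list for this example).
EXEC_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".msi"}

def is_pe(data: bytes) -> bool:
    """True if the bytes start with the DOS 'MZ' magic used by Windows executables."""
    return data[:2] == b"MZ"

def inspect_zip_attachment(blob: bytes) -> list[dict]:
    """Return one finding per suspicious entry in a zip attachment.

    Flags entries that (a) carry an executable extension, (b) start with the PE
    magic regardless of extension, or (c) hide an executable behind a double
    extension such as 'order.pdf.exe'.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            basename = info.filename.lower().rsplit("/", 1)[-1]
            parts = basename.split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            reasons = []
            if ext in EXEC_EXTENSIONS:
                reasons.append("executable extension")
                if len(parts) > 2:
                    reasons.append("double extension")
            # Read only the first two bytes; content check catches renamed exes.
            with zf.open(info) as fh:
                if is_pe(fh.read(2)):
                    reasons.append("PE header (MZ)")
            if reasons:
                findings.append({"name": info.filename, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in inspect_zip_attachment(build_sample_zip()):
        print(f"BLOCK {f['name']}: {', '.join(f['reasons'])}")
```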

Agent Tesla, through its keylogger function, is able to capture everything the user types. Furthermore, it can steal emails and browser credentials and take screenshots. Finally, it can execute commands issued remotely on the infected PC, such as downloading additional payloads or updating existing ones.
