A zip attachment contains a img with an exe: the malware. The other, a pdf downloading a zip with an exe: the same malware. The data is exfiltrated via SMTP.
Cybercrime, the Bangladesh-themed AgentTesla campaign changes template
Bangladesh-themed AgentTesla campaign changes template. The .z attachment of an email that simulates a legitimate sender contains an exe: the malware. The stolen data is exfiltrated via STMP to the same server as the RFQ campaign
The Bangladesh-themed AgentTesla campaign changes template. The bait this time is a fake account statement.
The .z attachment of an email, in which it is simulated that the sender is legitimate and certified, contains an exe file: the malware. The stolen data is exfiltrated via STMP, using the same server used in the RFQ-themed campaign.
The senders, however, in both cases come from Bangladesh and are part of the banking sector. Presumably, these are real compromised corporate mail accounts. AgentTesla, through the keylogger function, is able to acquire everything the user types. Also, it can steal emails and browser credentials and take screenshots. Finally, it has the ability to remotely issue commands to the infected PC, such as downloading additional payloads or updating existing ones.