AhnLab cybersecurity researchers: The malware is downloaded and executed from a WSF file within a compressed file, delivered via URL in phishing emails.
Malware Hunter JAMESWT Technical Analysis
The mail “Re: FW: Quotation – Urgent” is bait for AgentTesla. The IMG attachment contains an EXE file disguised as a PDF: the malware itself. Stolen data is exfiltrated via SMTP.
“Re: FW: Quotation – Urgent” is the subject line of a new email used in AgentTesla’s global campaign.
The IMG attachment is a disk image, which Windows mounts as a drive when it is double-clicked; inside it is an EXE file disguised as a PDF: the malware itself. The data it steals is then exfiltrated over SMTP.
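The delivery and exfiltration chain described above (disk-image attachment, executable named as a PDF, outbound SMTP from the victim) lends itself to two simple checks. The following is an added example written for this page, not code from the researchers or the campaign: it assumes a sandbox or extractor has already listed the files inside the IMG together with their leading bytes, and it assumes a hypothetical firewall log in `key=value` form with a single corporate mail relay (`10.0.0.25`) and a workstation subnet (`10.0.1.0/24`); all sample data is constructed.

```python
"""Triage checks for an IMG-borne AgentTesla lure and its SMTP exfiltration.

Added example, not the page's or the researchers' code. Assumptions:
- the files inside the IMG were already extracted, and we know each file's
  name and first bytes (as a sandbox report would give them);
- outbound connections appear in a hypothetical key=value firewall log.
"""
from dataclasses import dataclass

PE_MAGIC = b"MZ"                  # DOS/PE header that every Windows EXE starts with
PDF_MAGIC = b"%PDF-"              # what a real PDF starts with
CONTAINER_EXTENSIONS = {".img", ".iso", ".vhd", ".vhdx"}
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif"}


@dataclass
class ExtractedFile:
    name: str
    head: bytes  # first bytes of the file as reported by the extractor


def extension(name: str) -> str:
    """Last extension of a filename, lower-cased ('' if none)."""
    lower = name.lower()
    idx = lower.rfind(".")
    return lower[idx:] if idx != -1 else ""


def triage_file(f: ExtractedFile) -> list:
    """Flag the 'EXE disguised as PDF' pattern: extension vs. magic bytes."""
    findings = []
    ext = extension(f.name)
    if f.head.startswith(PE_MAGIC) and ext not in EXECUTABLE_EXTENSIONS:
        findings.append(f"{f.name}: PE header (MZ) but extension {ext or '<none>'}")
    if ext == ".pdf" and not f.head.startswith(PDF_MAGIC):
        findings.append(f"{f.name}: named .pdf but does not start with %PDF-")
    exts = ["." + p for p in f.name.lower().split(".")[1:]]  # all extensions
    if len(exts) > 1 and exts[-1] in EXECUTABLE_EXTENSIONS:
        findings.append(f"{f.name}: double extension ending in {exts[-1]}")
    return findings


def triage_attachment(attachment_name: str, extracted: list) -> list:
    """Flag a disk-image container attachment and any masquerading file inside it."""
    findings = []
    if extension(attachment_name) in CONTAINER_EXTENSIONS:
        findings.append(f"{attachment_name}: disk-image container attachment")
    for f in extracted:
        findings.extend(triage_file(f))
    return findings


# --- exfiltration side: workstations should not speak SMTP to arbitrary hosts ---
CORPORATE_MAIL_RELAYS = {"10.0.0.25"}   # assumption: the only legitimate outbound SMTP source
WORKSTATION_PREFIX = "10.0.1."          # assumption: workstation subnet
SMTP_PORTS = {25, 465, 587}


def flag_workstation_smtp(log_lines: list) -> list:
    """Return log lines where a workstation talks SMTP to a non-relay host."""
    hits = []
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split())
        if int(fields["dport"]) not in SMTP_PORTS:
            continue
        if fields["src"].startswith(WORKSTATION_PREFIX) and fields["dst"] not in CORPORATE_MAIL_RELAYS:
            hits.append(line)
    return hits


# Constructed sample data mirroring the described lure.
SAMPLE_EXTRACTED = [
    ExtractedFile("Quotation.pdf", b"MZ\x90\x00\x03\x00\x00\x00"),  # EXE named as PDF
    ExtractedFile("terms.pdf", b"%PDF-1.7\n"),                       # genuine PDF
]
SAMPLE_LOG = [
    "src=10.0.1.17 dst=203.0.113.10 dport=587 proto=tcp",   # workstation -> external SMTP
    "src=10.0.0.25 dst=203.0.113.10 dport=25 proto=tcp",    # corporate relay, expected
    "src=10.0.1.17 dst=10.0.0.25 dport=587 proto=tcp",      # workstation -> corporate relay
    "src=10.0.1.17 dst=198.51.100.5 dport=443 proto=tcp",   # not SMTP at all
]

if __name__ == "__main__":
    for finding in triage_attachment("Quotation.img", SAMPLE_EXTRACTED):
        print("attachment:", finding)
    for hit in flag_workstation_smtp(SAMPLE_LOG):
        print("exfil candidate:", hit)
```

The magic-byte comparison is the part that matters: a file named `.pdf` whose first two bytes are `MZ` is an executable whatever the icon says. The SMTP check only makes sense where, as assumed here, a single relay is supposed to handle all outbound mail; in such an environment any other host opening port 25/465/587 outward is worth a look.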
AgentTesla, through its keylogger function, captures everything the user types. It can also steal credentials stored by browsers and email clients and take screenshots. Finally, it can execute commands issued remotely on the infected PC, such as downloading additional payloads or updating the existing one.