
Cybercrime, the “PURCHASE ORDER POR 22209” mail conveys AgentTesla

Malware Hunter JAMESWT Technical Analysis

The “PURCHASE ORDER POR 22209” email carries AgentTesla. The r00 attachment contains an exe file: the malware itself. Stolen data is exfiltrated via the Telegram API.

The email with the subject “PURCHASE ORDER POR 22209” spreads a new AgentTesla campaign.

The r00 attachment contains an exe file: the malware itself. If opened, it starts the infection chain. The stolen data is exfiltrated via the Telegram API.
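Because the campaign pushes stolen data out through the Telegram Bot API, a defender can look for that traffic in web-proxy logs. The following is an added example written for this page, not code from the original analysis or from the JAMESWT report: it parses a constructed proxy log format (timestamp, source IP, HTTP verb, URL, status), flags requests to `api.telegram.org` whose path carries a `/bot<id>:<secret>/` token, rates data-sending methods higher than housekeeping calls, and redacts the bot secret before it reaches the alert. The token-shape regex, the method list and the log format are assumptions; the token in the sample lines is a constructed placeholder.

```python
"""Flag Telegram Bot API calls in proxy logs (added example, not from the page)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Assumed token shape: "<numeric bot id>:<secret>". The secret length bound
# is deliberately loose so minor format changes do not break the rule.
BOT_PATH_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{20,})/(?P<method>[A-Za-z]+)"
)

# Bot API methods a stealer needs to push text or files out (assumed set).
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}


@dataclass
class Finding:
    src_ip: str
    bot_id: str
    method: str
    severity: str
    url_redacted: str


def parse_line(line: str) -> Optional[Tuple[str, str, str, str, str]]:
    """Split a constructed proxy line: '<ts> <src_ip> <verb> <url> <status>'."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src_ip, verb, url, status = parts
    return ts, src_ip, verb, url, status


def inspect_line(line: str) -> Optional[Finding]:
    """Return a Finding when the line is a Telegram Bot API call, else None."""
    parsed = parse_line(line)
    if parsed is None:
        return None
    _ts, src_ip, _verb, url, _status = parsed
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    match = BOT_PATH_RE.match(parts.path)
    if not match:
        return None
    method = match.group("method")
    severity = "high" if method in EXFIL_METHODS else "medium"
    # Never write the bot secret into alerts or tickets.
    redacted = url.replace(match.group("secret"), "<REDACTED>")
    return Finding(src_ip, match.group("bot_id"), method, severity, redacted)


def scan(lines: List[str]) -> List[Finding]:
    """Run inspect_line over a log and keep only the hits."""
    return [f for f in (inspect_line(line) for line in lines) if f is not None]


# Constructed sample log; the bot id and secret below are placeholders.
SAMPLE_LOG = [
    "2023-01-01T10:00:01Z 10.0.0.12 POST https://api.telegram.org/bot123456789:AAHxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/sendDocument 200",
    "2023-01-01T10:00:02Z 10.0.0.12 GET https://api.telegram.org/bot123456789:AAHxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/getMe 200",
    "2023-01-01T10:00:03Z 10.0.0.15 GET https://web.telegram.org/ 200",
    "2023-01-01T10:00:04Z 10.0.0.20 GET https://example.com/update 200",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(f"[{finding.severity}] {finding.src_ip} bot={finding.bot_id} "
              f"{finding.method} {finding.url_redacted}")
```

On a workstation fleet the Bot API is rarely used by people (it exists for bots), so a single hit from an endpoint is worth a look; `web.telegram.org` traffic from a user browsing the web client is not flagged, which keeps the rule from drowning in noise.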

Agent Tesla, through its keylogger function, captures everything the user types. In addition, it can steal email and browser credentials and take screenshots. Finally, it can execute commands received remotely on the infected PC, such as downloading additional payloads or updating existing ones.
