The fake pdf attached to the "PURCHASE ORDER 05-30-2023" email contains a link, from which you download a tgz file with a TAR, inside which there is an exe: the malware.
Cybercrime, the “Re: RFQ” email baits for SnakeKeylogger
The “Re: RFQ” email also baits SnakeKeylogger in Italy. The “RFQ-000267RET9084.img” attachment contains the “RFQ_002.exe” exe file : the malware. Stolen data is exfiltrated via Telegram API
The email with the subject “Re: RFQ” is the bait for a new SnakeKeylogger campaign.
The “RFQ-000267RET9084.img” attachment contains the “RFQ_002.exe” exe file: the malware.
The stolen data is then exfiltrated via Telegram API. Indeed, SnakeKeylogger is an info-stealer capable of acquiring information through various methods.