The “Re: RFQ” email also baits SnakeKeylogger in Italy. The “RFQ-000267RET9084.img” attachment contains the “RFQ_002.exe” exe file : the malware. Stolen data is exfiltrated via Telegram API

The email with the subject “Re: RFQ” is the bait for a new SnakeKeylogger campaign.

The “RFQ-000267RET9084.img” attachment contains the “RFQ_002.exe” exe file: the malware.

The stolen data is then exfiltrated via Telegram API. Indeed, SnakeKeylogger is an info-stealer capable of acquiring information through various methods.