Cybercrime, the “Request for Quotation” email bait for AgentTesla

The “Request for Quotation” email is the bait of a new AgentTesla campaign.
The attached document exploits the Equation Editor vulnerability to contact a URL (http://mail.treeoflifeadventures.com/wp-content/plugins/70d5e28f51c1438d94e3e6dc84b95311/xt/mmd/shell/shenakyoung2.1.exe) and download an executable file: the malware. Through its keylogger function, AgentTesla can acquire everything the user types. It can also steal emails and browser credentials and take screenshots. Finally, it allows commands to be issued remotely on the infected PC, such as downloading additional payloads or updating existing ones.
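
One way to hunt for the chain described above in endpoint telemetry (an added example, not part of the original article): it flags the Equation Editor process (`EQNEDT32.EXE`) opening network connections, writing executables or spawning processes. The events are constructed, their field names are modelled on Sysmon, and all hosts and paths are placeholders.

```python
import ntpath

EQNEDT = "eqnedt32.exe"  # file name of the Equation Editor process
EQ_PATH = r"C:\Program Files\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE"

# Constructed events; field names modelled on Sysmon event IDs 1 (process
# create), 3 (network connection) and 11 (file create). Hosts/paths are made up.
SAMPLE_EVENTS = [
    {"id": 1, "Image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"id": 1, "Image": EQ_PATH, "ParentImage": r"C:\Windows\System32\svchost.exe"},
    {"id": 3, "Image": EQ_PATH, "DestinationHostname": "files.example.test"},
    {"id": 11, "Image": EQ_PATH,
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\sample.exe"},
    {"id": 1, "Image": r"C:\Users\alice\AppData\Roaming\sample.exe",
     "ParentImage": EQ_PATH},
    {"id": 3, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "DestinationHostname": "updates.example.test"},
]


def _name(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path or "").lower()


def triage(event):
    """Return a finding if the event matches the chain, otherwise None."""
    eid = event.get("id")
    if eid == 3 and _name(event.get("Image")) == EQNEDT:
        return ("network connection from Equation Editor to "
                + event.get("DestinationHostname", "?"))
    if eid == 11 and _name(event.get("Image")) == EQNEDT:
        target = event.get("TargetFilename", "")
        if target.lower().endswith(".exe"):
            return "Equation Editor wrote an executable: " + target
    if eid == 1 and _name(event.get("ParentImage")) == EQNEDT:
        return "Equation Editor spawned a process: " + event.get("Image", "?")
    return None


def findings(events):
    """Run triage over a sequence of events and keep the hits, in order."""
    return [hit for hit in map(triage, events) if hit is not None]


if __name__ == "__main__":
    for hit in findings(SAMPLE_EVENTS):
        print(hit)
```

Equation Editor starting on its own (the second sample event) is not flagged; only its network, file-write and child-process activity is.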