
Cybercrime: triple malware campaign in a single email from Pakistan

Technical analysis by the Malware Hunter JAMESWT

Triple malware campaign in a single email. Three gz attachments carry SnakeKeylogger, AgentTesla, and a Python executable, which should download another payload. In the first two cases, the stolen data is exfiltrated via SMTP.

Triple malware campaign in a single email from a company in Pakistan.

The three gz attachments carry SnakeKeylogger, Agent Tesla and an executable written in Python, which should download an additional payload, currently unknown.

Each archive contains an exe, which – if opened – starts the infection. Furthermore, data stolen by SnakeKeylogger and AgentTesla is exfiltrated by cybercrime actors via SMTP.
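As an added example (not code from the original report), a check a mail gateway could run against the delivery mechanism described above: decompress each .gz attachment in memory, with a size cap, and flag it when the inner file is a Windows PE executable. The sample message, filenames and the fake PE stub are constructed for the example.

```python
import gzip
import io
import struct
import zlib
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

MAX_DECOMPRESSED = 16 * 1024 * 1024  # bound in-memory decompression to blunt gzip bombs


def is_pe_executable(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_offset = struct.unpack_from("<I", data, 0x3C)[0]
    return data[pe_offset:pe_offset + 4] == b"PE\0\0"


def gz_payload_is_executable(blob: bytes) -> bool:
    """Decompress a .gz attachment (bounded) and report whether the inner file is a PE executable."""
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(blob)) as gz:
            return is_pe_executable(gz.read(MAX_DECOMPRESSED))
    except (OSError, EOFError, zlib.error):  # not gzip, truncated, or corrupt: leave to other checks
        return False


def flag_gz_wrapped_executables(raw_email: bytes) -> list:
    """Return the filenames of .gz attachments whose decompressed content is a Windows executable."""
    msg = message_from_bytes(raw_email, policy=default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(".gz") and gz_payload_is_executable(part.get_payload(decode=True)):
            hits.append(name)
    return hits


def build_sample_email() -> bytes:
    """Constructed sample: one gz-wrapped fake PE stub (not malware) and one gz-wrapped text file."""
    fake_pe = bytearray(b"MZ" + b"\0" * 0x3E)          # 0x40-byte DOS header
    struct.pack_into("<I", fake_pe, 0x3C, 0x40)        # e_lfanew -> PE signature at 0x40
    fake_pe += b"PE\0\0" + b"\0" * 20
    msg = EmailMessage()
    msg["Subject"] = "Purchase order (constructed sample)"
    msg.set_content("see attached")
    msg.add_attachment(gzip.compress(bytes(fake_pe)), maintype="application",
                       subtype="gzip", filename="order_1.gz")
    msg.add_attachment(gzip.compress(b"plain text"), maintype="application",
                       subtype="gzip", filename="notes.gz")
    return msg.as_bytes()
```

The check keys on the decompressed bytes rather than the attachment name, so it also catches archives whose inner file is not named `.exe`.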
