
Cybercrime, Agent Tesla campaign via email on “RE: ENQUIRIES”

Technical analysis by the Malware Hunter JAMESWT

Agent Tesla campaign via email with the subject “RE: ENQUIRIES”. The message's RAR attachment contains an executable file: the malware itself. Stolen data is exfiltrated over SMTP.

A fake email purporting to come from an Omani company, with the subject “RE: ENQUIRIES”, carries a new Agent Tesla campaign.

The RAR attachment contains an EXE: the malware itself. If opened, it starts the infection chain.

The stolen data is then exfiltrated over SMTP.

Agent Tesla's keylogger function captures everything the user types. It can also steal credentials saved in browsers and email clients, and take screenshots. Finally, it accepts commands issued remotely by its operators on the infected PC, such as downloading additional payloads or updating existing ones.
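Because this campaign exfiltrates over SMTP from an executable dropped out of a RAR attachment, one practical detection is to flag outbound connections to SMTP ports made by anything other than a known mail client. The example below is added here and is not part of JAMESWT's analysis or of this article; the log format (a Sysmon Event ID 3 style line with host, image, user, dstip and dstport fields), the allowlist of mail clients, the host names and the file paths are all constructed for illustration.

```python
"""Detect SMTP exfiltration from non-mail-client processes.

Added example, not from the original article. Log lines are constructed
samples in a Sysmon NetworkConnect style; field names are an assumption.
"""
import re
from collections import defaultdict

# Ports a workstation process would use to speak SMTP/SMTPS.
SMTP_PORTS = {25, 465, 587}

# Hypothetical allowlist: processes expected to talk SMTP on a workstation.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed sample telemetry: one network connection per line.
# Line 2/3 mimic an EXE run straight out of the RAR attachment (WinRAR
# extracts to a Temp\Rar$EX... folder when a file is opened in place).
SAMPLE_LOGS = """\
2024-05-02T09:14:01Z host=WS01 image=C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE user=alice dstip=10.1.2.3 dstport=587
2024-05-02T09:16:44Z host=WS01 image=C:\\Users\\alice\\AppData\\Local\\Temp\\Rar$EXa0.123\\ENQUIRIES.exe user=alice dstip=203.0.113.45 dstport=587
2024-05-02T09:16:45Z host=WS01 image=C:\\Users\\alice\\AppData\\Local\\Temp\\Rar$EXa0.123\\ENQUIRIES.exe user=alice dstip=203.0.113.45 dstport=587
2024-05-02T09:20:10Z host=WS02 image=C:\\Windows\\System32\\svchost.exe user=SYSTEM dstip=10.1.2.9 dstport=443
2024-05-02T09:21:00Z host=WS02 image=C:\\Users\\bob\\Downloads\\RE_ENQUIRIES\\order.exe user=bob dstip=198.51.100.7 dstport=465
"""

# image= may contain spaces, so it is matched lazily up to " user=".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) image=(?P<image>.+?) "
    r"user=(?P<user>\S+) dstip=(?P<dstip>\S+) dstport=(?P<dstport>\d+)$"
)


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dstport"] = int(rec["dstport"])
    return rec


def process_name(image):
    """Lower-cased file name of the executable image (last path component)."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def in_user_writable_path(image):
    """True if the image lives under a profile or temp directory."""
    p = image.lower()
    return "\\users\\" in p or "\\temp\\" in p or "\\appdata\\" in p


def detect_smtp_exfil(log_text):
    """Aggregate SMTP-port connections from processes that are not mail clients.

    Returns one alert per (host, image), sorted, with connection count,
    destination IPs, users, and a severity that is raised when the binary
    runs from a user-writable location (typical for an emailed dropper).
    """
    hits = defaultdict(lambda: {"count": 0, "dsts": set(), "users": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dstport"] not in SMTP_PORTS:
            continue
        if process_name(rec["image"]) in MAIL_CLIENTS:
            continue
        h = hits[(rec["host"], rec["image"])]
        h["count"] += 1
        h["dsts"].add(rec["dstip"])
        h["users"].add(rec["user"])

    alerts = []
    for (host, image), h in sorted(hits.items()):
        suspicious_path = in_user_writable_path(image)
        alerts.append({
            "host": host,
            "image": image,
            "process": process_name(image),
            "count": h["count"],
            "destinations": sorted(h["dsts"]),
            "users": sorted(h["users"]),
            "user_writable_path": suspicious_path,
            "severity": "high" if suspicious_path else "medium",
        })
    return alerts


if __name__ == "__main__":
    for a in detect_smtp_exfil(SAMPLE_LOGS):
        print(f"[{a['severity']}] {a['host']} {a['process']} "
              f"x{a['count']} -> {', '.join(a['destinations'])}")
```

Running it against the constructed sample flags the two droppers (ENQUIRIES.exe on WS01, order.exe on WS02) and ignores Outlook on port 587 and svchost on port 443. In production the allowlist should be keyed on signed image path rather than bare file name, since a dropper can trivially call itself outlook.exe.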
