The attachments of the “URGENT REQUEST FOR PRICE OFFER” and “Ürün 56787898 için sipariş” emails contain an exe: the malware. Stolen data is exfiltrated via SMTP and the Telegram API.
The AgentTesla campaign that uses emails themed after real companies restarts. The img attachment contains an exe file: the malware. The stolen data is exfiltrated through the usual FTP address.
The AgentTesla campaign that uses emails themed after real engineering-machinery companies resumes in full swing after the weekend break.
The img attachment contains an exe file: the malware. The stolen data is then exfiltrated through the usual FTP address.
AgentTesla, through the keylogger function, is able to acquire everything the user types. Also, it can steal emails and browser credentials and take screenshots. Finally, it has the ability to remotely issue commands to the infected PC, such as downloading additional payloads or updating existing ones.
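The exfiltration channels named above (SMTP, FTP and the Telegram API) can be hunted for in endpoint egress logs. The following is an added example, not taken from the original report: the log format, process allowlists, host names and sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict

# Assumption: processes a workstation is expected to use for each channel.
EXPECTED = {
    "smtp": {"outlook.exe", "thunderbird.exe"},
    "ftp": {"filezilla.exe", "winscp.exe"},
    "telegram_api": set(),  # no workstation process should call the Bot API
}
SMTP_PORTS = {25, 465, 587}
FTP_PORTS = {21}
TELEGRAM_API_HOST = "api.telegram.org"

# Constructed log format: <timestamp> host=<h> proc=<image> dst=<name> dport=<n>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

def classify(dst, dport):
    """Map a destination to one of the exfiltration channels, or None."""
    if dst.lower().rstrip(".") == TELEGRAM_API_HOST:
        return "telegram_api"
    if dport in SMTP_PORTS:
        return "smtp"
    if dport in FTP_PORTS:
        return "ftp"
    return None

def find_suspect_egress(lines):
    """Return {(host, process): [channels]} for processes outside the allowlist."""
    findings = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the whole hunt
        channel = classify(m["dst"], int(m["dport"]))
        proc = m["proc"].lower()
        if channel and proc not in EXPECTED[channel]:
            findings[(m["host"], proc)].add(channel)
    return {key: sorted(chans) for key, chans in findings.items()}

SAMPLE_LOG = [  # constructed sample data
    "2024-01-15T09:12:03Z host=WS-014 proc=outlook.exe dst=smtp.example.com dport=587",
    "2024-01-15T09:14:41Z host=WS-022 proc=invoice_scan.exe dst=smtp.example.net dport=587",
    "2024-01-15T09:14:43Z host=WS-022 proc=invoice_scan.exe dst=api.telegram.org dport=443",
    "2024-01-15T09:20:10Z host=WS-031 proc=Quote.exe dst=ftp.example.org dport=21",
    "2024-01-15T09:21:00Z host=WS-031 proc=chrome.exe dst=www.example.com dport=443",
    "truncated line without fields",
]
```

A process that appears on more than one channel, like the constructed `invoice_scan.exe` here, is a stronger signal than a single hit and is worth triaging first.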