skip to Main Content

Cybercrime, three AgentTesla campaigns in one day

Malware Hunter JAMESWT Technical Analysis

Three AgentTesla campaigns in one day. In two cases, these are generic, but also arrived in Italy. The third they is targeted. The compressed files contain an exe: the malware itself. Stolen data is exfiltrated via smtp

Three AgentTesla campaigns in one day. Two are general, but they also involved Italy, and the last one is specifically directed against the country.

  

The mails have attached R01, r00 and 7z. All of them contain an exe file – the malware itself. The stolen data is exfiltrated in any case via smtp.

  

AgentTesla, through the keylogger function, is able to acquire everything the user types. Furthermore, it can steal browser emails and credentials and take screenshots. Finally, it has the ability to remotely issue commands on the infected PC, such as downloading additional payloads or updating existing ones.

Back To Top