Cybercrime, double AgentTesla campaign via quotation
Two emails convey as many attachments, theoretically different but in reality the same. They are two loaders that download the malware. One works and the other not.
Technical analysis by the Malware Hunter JAMESWT “Purchase Order No. PO-109688 " mail conveys AgentTesla. The exe in email XZ attachment downloads other components and starts the malware infection. Data is exfiltrated via FTP "Purchase Order No. PO-109688" is the…