Cybercrime, AgentTesla hides in a fake RFQ email from Thailand
The compressed attachment contains an exe file: the malware. The stolen data is exfiltrated via SMTP to an email address.
Cybercrime, new wave of Agent Tesla campaign from IP 94.156.102.158
The template switches from RFQ to order, but the trap is the same: arj attachment with BAT/VBS, which downloads and executes malware. Data is exfiltrated via SMTP to an email.
Cybercrime, false email from Oman conveys the RFQ-themed Agent Tesla campaign
The arj attachment contains a bat file with a VBS, which downloads and runs the malware. Stolen data is exfiltrated on an email via SMTP.
Cybercrime, new Agent Tesla campaign via CHM
The email gz attachment contains the file, which contacts a url to download and decrypt the malware. Data is stolen via FTP.
Cybercrime, double AgentTesla campaign via quotation
Two emails convey as many attachments, theoretically different but in reality the same. They are two loaders that download the malware. One works and the other not.
Cybercrime, AgentTesla is hiding in a fake Swift transfer
R11 email attachment contains an exe file: the malware itself. Stolen data is exfiltrated via Telegram.
Cybercrime, the mail “STC-PI 07019 hides AgentTesla
The gz attachment contains an exe file: the malware itself. The data is exfiltrated via Telegram.
Cybercrime, the “PURCHASE ORDER POR 22209” mail conveys AgentTesla
R00 attachment contains an exe file: the malware itself. Stolen data is exfiltrated via the Telegram API.
Cybercrime, AgentTesla campaign via DHL shipping
The gz attachment contains an exe file: the malware itself. Stolen data is exfiltrated via smtp from a compromised account to a gmail recipient.
Cybercrime, AgentTesla spread from a fake metal order from Italy
R00 attachment contains an exe: the malware itself. Stolen data is exfiltrated through Telegram API.