Cybercrime, Agent Tesla campaign via “Performa Invoice No. 21120211”
The email gz attachment contains an exe: the malware itself. Stolen data is exfiltrated through FTP.
Cybercrime, AgentTesla conveyed by a false invoice with sender in Rome
The zip attachment of the message, also arrived in Italy, contains an exe: the malware itself. Stolen data is exfiltrated via SMTP.
Cybercrime, new AgentTesla campaign via double invoice
The email gz attachment contains an exe: the malware itself. The stolen data is then exfiltrated with ftp.
Cybercrime, new Agent Tesla campaign via purchase order
The email gz attachment contains an exe: the malware itself. If opened, it activates the chain of infection. Stolen information is exfiltrated via FTP.
Cybercrime, the FYI ! Attention! campaign spreads Agent Tesla
The exe attachment is the malware itself and if opened it activates the chain of infection. Stolen information is exfiltrated via smtp.
Cybercrime, AgentTesla is now delivered via .xll attachments
Files packaged with Excel-DNA from which a dll containing 2 urls pointing to Discord is extracted. These download data files and encode them with XOR creating additional DLLs, which initiate the malware infection.
Cybercrime, Agent Tesla conveyed to Italy by a false order
The email gz attachment contains an exe: the malware itself. Stolen data is exfiltrated via ftp.
Cybercrime, new Agent Tesla campaign via fake automatic invoice email
The img attachment contains an exe: the malware itself. Stolen data is exfiltrated via smtp.
Cybercrime, false e-mail on RFQ/purchase order conveys Agent Tesla
The email gz attachment contains an exe: the malware itself. This, if opened, activates the infection chain. Stolen data is then exfiltrated via smtp.
Cybercrime, Agent Tesla hidden in a fake payment invoice
Technical analysis by the Malware Hunter JAMESWT Cybercrime, Agent Tesla hidden in a fake payment invoice. The email contains an exe and a zip with the same executable inside. Both are the malware. Data is exfiltered via smtp A payment…