Cybercrime, double AgentTesla campaign via quotation
Two emails convey as many attachments, theoretically different but in reality the same. They are two loaders that download the malware. One works and the other not.
Cybercrime, AgentTesla is hiding in a fake Swift transfer
R11 email attachment contains an exe file: the malware itself. Stolen data is exfiltrated via Telegram.
Cybercrime, the mail “STC-PI 07019 hides AgentTesla
The gz attachment contains an exe file: the malware itself. The data is exfiltrated via Telegram.
Cybercrime, the “PURCHASE ORDER POR 22209” mail conveys AgentTesla
R00 attachment contains an exe file: the malware itself. Stolen data is exfiltrated via the Telegram API.
Cybercrime, AgentTesla campaign via DHL shipping
The gz attachment contains an exe file: the malware itself. Stolen data is exfiltrated via smtp from a compromised account to a gmail recipient.
Cybercrime, AgentTesla spread from a fake metal order from Italy
R00 attachment contains an exe: the malware itself. Stolen data is exfiltrated through Telegram API.
Cybercrime, AgentTesla hides in a fake email about a payment
The gz attachment contains an exe file: the malware itself. Stolen data is exfiltrated via FTP.
Cybercrime, ArcelorMittal lure for an AgentTesla campaign
The executable in the attachment creates and saves two files in the Windows temp folder: the malware itself. The files are exfiltrated via FTP.
Cybercrime, Agent Tesla is hiding in a fake “FW:Order” email
The gz attachment contains an exe file: the malware itself. Data is stolen via FTP.
Cybercrime, “Purchase Order No. PO-109688 ” mail conveys AgentTesla
Technical analysis by the Malware Hunter JAMESWT “Purchase Order No. PO-109688 " mail conveys AgentTesla. The exe in email XZ attachment downloads other components and starts the malware infection. Data is exfiltrated via FTP "Purchase Order No. PO-109688" is the…