Cybercrime, false payment spread zgRAT via AgentTesla
The email rar attachment contains an exe file: the first malware, which downloads the second. The stolen data is exfiltrated via SMTP.
Cybercrime, Raccoon Stealer hidden in a fake complaint about a purchase
The link points to a page from which you download an xll file: the loader. This then in turn downloads a zip with the malware inside.
Cybercrime, second consecutive day for SnakeKeylogger via Garanti BBVA
The email changes the text and the compressed attachment. Inside, however, there is an exe with the same malware and the stolen data is exfiltrated via Telegram Api to the same C2.
Cybercrime, new zgRAT campaign via AgentTesla and fake offer list
The rar attachment contains an exe file: the first malware, that downloads the second payload.
Cybercrime, Snakekeylogger hides in a SWIFT transfer
The tar attachment of a fake email from Garanti BBVA contains an exe: the malware. Stolen data is exfiltrated via Telegram API.
Cybercrime, BlueStealer (alias DarkCloud) is back
A fake email from an Indian company contains an r.00 attachment, with an exe file inside: the malware. The infostealer doesn’t have a C2, but sends the stolen data by email.
Cybercrime, triple Modiloader campaign via compressed attachments
Three emails carry different files, but which contain the same malware. It's unclear what the next payload is, as the packer doesn't seem to work.
Cybercrime, fake account statement of Garanti BBVA carries SnakeKeylogger
The email 7z attachment contains an exe file – the malware. The stolen data is then exfiltrated via Telegram API.
Cybercrime, Second day for the new courier-themed AgentTesla campaign
The text is identical to that of the previous day. Only the attachment, which however contains an exe file - the malware – changes.
Cybercrime, AgentTesla campaign via fake DHL email
Z attachment contains an exe file: the malware. The campaign, however, has another C2 than those of these days that use the courier as bait.