Cybercrime, double AgentTesla campaign via quotation
Two emails convey as many attachments, theoretically different but in reality the same. They are two loaders that download the malware. One works and the other not.
Cybercrime, SnakeKeylogger campaign via “RE:conferma d’ordine XX”
The uue attachment contains an exe: a loader that downloads the malware and runs it by infecting the machine. Data is stolen via smtp and api telegram.
Cybercrime, AgentTesla campaign via DHL shipping
The gz attachment contains an exe file: the malware itself. Stolen data is exfiltrated via smtp from a compromised account to a gmail recipient.
Cybercrime, “Re: Payment Copy” email spreads new AgentTesla campaign
The gz attachment contains an exe file: the malware itself. If opened, the chain of infection is activated. Stolen data is exfiltrated via smtp.
Cybercrime, Agent Tesla campaign via email on “RE: ENQUIRIES”
The message rar attachment contains an executable file: the malware itself. Stolen data is exfiltrated with smtp.
Cybercrime, fake mail DHL conveys the new Agent Tesla campaign
The gz attachment contains a zip file: the malware itself. Stolen data is exfiltrated via smtp.
Cybercrime, new AgentTesla campaign via “purchase enquiry”
The email rar attachment contains an exe: the malware itself. The stolen data is then exfiltrated with smtp.
Cybercrime, AgentTesla conveyed by a false invoice with sender in Rome
The zip attachment of the message, also arrived in Italy, contains an exe: the malware itself. Stolen data is exfiltrated via SMTP.
Cybercrime: triple malware campaign in a single email from Pakistan
Three gz attachments carry SnakeKeylogger, AgentTesla, and a Python executable, which should download another payload. In the first two cases, the stolen data is exfiltrated via SMTP.
Cybercrime, the FYI ! Attention! campaign spreads Agent Tesla
The exe attachment is the malware itself and if opened it activates the chain of infection. Stolen information is exfiltrated via smtp.