We are seeing a continuation of the new style AgentTesla malspam campaign again this morning. This is still using a multistage downloader eventually resulting in the AgentTesla keylogger / infostealer being run on the victim’s computer as a fileless malware. The initial stage today is a .exe file though not a word doc / rtf f=doc in the manner we saw on Friday 21 June 2019. These are abusing the semi-legitimate pastebin alternative to host the malware in base64 encoded plain txt https://paste.ee Today’s version starts with a .exe file inside the zip attachment This is a downloader that calls … Continue reading →