VERY IMPORTANT

This analysis examines a sophisticated multi-stage infection chain utilizing Agent Tesla malware. The attack begins with a phishing email containing a RAR file, which includes an obfuscated JSE file. This initial stage triggers a series of script-based evasions, leading to the download and decryption of a PowerShell script. The malware then employs process hollowing to inject its payload into a legitimate Windows process, evading detection. Before exfiltrating data, the malware performs anti-analysis checks to avoid security software and virtual environments. Finally, Agent Tesla harvests sensitive information, including browser cookies and contacts, exfiltrating the data via SMTP to a command-and-control server.