This article has been indexed from SANS Internet Storm Center, InfoCON: green
A few days ago, I found an interesting file delivered by email (why change a winning combination?). The file has a nice extension: “.daa†(Direct Access Archive). We already reported such files in 2019 and Didier wrote a diary[1] about them. Default Windows installation, can't process “.daa†files, you need a specific tool to open them (like PowerISO). I converted the archive into an ISO file and extracted the PE file inside it.
Read the original article: Agent.Tesla Dropped via a .daa Image and Talking to Telegram, (Sat, Jul 24th)