Inside agenteV2: How Brazilian Attackers Use Fake Court Summons to Steal Banking Credentials in Real Time
ID: fc026219-21ab-5f29-80f3-225db654e165
STIX ID: report--fc026219-21ab-5f29-80f3-225db654e165
Feed Name: ANY.RUN's Cybersecurity Blog
This report analyzes the agenteV2 campaign, a Brazilian-focused phishing operation. The campaign delivers a VBS loader that installs a Nuitka-compiled stealer DLL, which establishes a persistent WebSocket backdoor (uws://) to stream the victim's screen and provide an interactive remote shell for operator-assisted banking fraud. The analysis provides full infection-chain details, IOCs (domains, IPs, hashes, JA3), MITRE mapping, and remediation and detection recommendations.
