win.agent_tesla (Back to overview)

Agent Tesla

URLhaus              

A .NET based keylogger and RAT readily available to actors. Logs keystrokes and the host's clipboard and beacons this information back to the C2.

References
https://researchcenter.paloaltonetworks.com/2017/09/unit42-analyzing-various-layers-agentteslas-packing/
https://malwarebreakdown.com/2018/01/11/malspam-entitled-invoice-attched-for-your-reference-delivers-agent-tesla-keylogger/
https://www.zscaler.com/blogs/research/agent-tesla-keylogger-delivered-using-cybersquatting
https://blog.fortinet.com/2017/06/28/in-depth-analysis-of-net-malware-javaupdtr
https://www.fortinet.com/blog/threat-research/analysis-of-new-agent-tesla-spyware-variant.html
https://thisissecurity.stormshield.com/2018/01/12/agent-tesla-campaign/
https://blogs.forcepoint.com/security-labs/part-two-camouflage-netting

There is no Yara-Signature yet.