Field Notes

Field Notes is a new blog post series meant to quickly share threat data, Indicators of Compromise, commentary on current events, or other brief types of analysis with the community at a higher level, without performing in-depth reverse engineering or deep dives into a given campaign, actor, infrastructure, or otherwise.

InQuest discovered an open directory hosting several Agent Tesla payloads, as well as several separate web panels for the administration of different Agent Tesla malware campaigns. We decided this was a good time to have a quick look at this malware family, its capabilities, and the artifacts found in the open directory.

Agent Tesla is a malware family written in .NET for Microsoft Windows systems and has much in common with spyware in its capabilities. It has many spyware-like capabilities such as stealing credentials, keylogging, collecting screenshots, capturing web camera images, and gathering clipboard data, but it is often seen in more standard malware campaigns and uses common malware techniques for obfuscation, unpacking, and data collection. Recently, Agent Tesla has been distributed in the wild through phishing emails and malicious Word documents containing macros that drop and execute the malware.

While not directly related, Agent Tesla could almost be considered an evolution of the Pony/Fareit malware family, in that it is most often used in campaigns coupled with another primary malware payload: its main role is information collection from infected hosts while the primary malware performs its designated task.