Agent Tesla
Description
(Fortinet) FortiGuard Labs recently captured some malware which was developed using the Microsoft .NET Framework. I analyzed one of them; it's a new variant from the AgentTesla family. In this blog, I'm going to show you how it is able to steal information from a victim's machine.
The malware was spread via a Microsoft Word document that contained an auto-executable malicious VBA Macro.
Names
Name |
---|
Agent Tesla |
AgentTesla |
AgenTesla |
Origin Logger |
Negasteal |
ZPAQ |
Category
Malware
Type
- Keylogger
- Info stealer
Information
- https://www.fortinet.com/blog/threat-research/in-depth-analysis-of-net-malware-javaupdtr.html
- https://blog.malwarebytes.com/threat-analysis/2020/04/new-agenttesla-variant-steals-wifi-credentials/
- https://researchcenter.paloaltonetworks.com/2017/09/unit42-analyzing-various-layers-agentteslas-packing/
- https://malwarebreakdown.com/2018/01/11/malspam-entitled-invoice-attched-for-your-reference-delivers-agent-tesla-keylogger/
- https://www.zscaler.com/blogs/research/agent-tesla-keylogger-delivered-using-cybersquatting
- https://www.fortinet.com/blog/threat-research/analysis-of-new-agent-tesla-spyware-variant.html
- https://thisissecurity.stormshield.com/2018/01/12/agent-tesla-campaign/
- https://blogs.forcepoint.com/security-labs/part-two-camouflage-netting
- https://www.deepinstinct.com/2020/07/02/agent-tesla-a-lesson-in-how-complexity-gets-you-under-the-radar/
- https://labs.sentinelone.com/agent-tesla-old-rat-uses-new-tricks-to-stay-on-top/
- https://www.area1security.com/blog/facemask-phishing-agent-tesla-malware/
- https://www.deepinstinct.com/2020/10/29/the-hasty-agent-agent-tesla-attack-uses-hastebin/
- https://cofense.com/strategic-analysis-agent-tesla-expands-targeting-and-networking-capabilities/
- https://news.sophos.com/en-us/2021/02/02/agent-tesla-amps-up-information-stealing-attacks/
- https://www.riskiq.com/blog/external-threat-management/agent-tesla-trend-analysis/
- https://www.fortinet.com/blog/threat-research/phishing-malware-hijacks-bitcoin-addresses-delivers-new-agent-tesla-variant
- https://securityaffairs.co/wordpress/123039/malware/agent-tesla-c2c-dumped.html
- https://www.fortinet.com/blog/threat-research/fake-purchase-order-used-to-deliver-agent-tesla
- https://unit42.paloaltonetworks.com/excel-add-ins-malicious-xll-files-agent-tesla/
- https://unit42.paloaltonetworks.com/malicious-compiled-html-help-file-agent-tesla/
- https://cofense.com/blog/the-rise-of-agent-tesla-understanding-the-notorious-keylogger/
- https://www.fortinet.com/blog/threat-research/agent-tesla-variant-spread-by-crafted-excel-document
- https://www.mcafee.com/blogs/other-blogs/mcafee-labs/agent-teslas-unique-approach-vbs-and-steganography-for-delivery-and-intrusion/
- https://asec.ahnlab.com/en/57546/
- https://www.gdatasoftware.com/blog/2023/11/37822-agent-tesla-zpaq
- https://www.forcepoint.com/blog/x-labs/agent-tesla-malware-attacks-travel-industry
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/agent-teslas-new-ride-the-rise-of-a-novel-loader/
- https://blog.checkpoint.com/research/agent-tesla-targeting-united-states-australia-revealing-the-attackers-identities/
- https://cofense.com/blog/agent-tesla-the-punches-keep-coming/
- https://www.fortinet.com/blog/threat-research/new-agent-tesla-campaign-targeting-spanish-speaking-people
Other Information
Uuid
fe58993d-9e29-4ff8-8bb1-b580762bbe7d
Last Card Change
2024-06-19