What is Agent Tesla?
Agent Tesla is a
spyware and data-stealing malware that has evolved since its first appearance in
2014. It is commonly distributed via:
- Phishing emails (malicious attachments)
- Fake software cracks/keygens
- Malicious ads (malvertising)
- Infected USB drives
Agent Tesla Builder: Key Features
The
Agent Tesla Builder is a configuration tool that allows attackers to customize the malware before deployment. Key features include:
1. Payload Customization
- Generates .exe, .dll, or script-based payloads.
- Supports multiple infection methods (e.g., document macros, fake installers).
2. Persistence Mechanisms
- Adds itself to Windows Startup (Registry, Task Scheduler).
- Uses process hollowing (injects into legitimate processes like explorer.exe).
3. Data Theft Capabilities
- Keylogging
- Clipboard theft
- Form grabbing
- Screen capture
4. Communication & Exfiltration
- SMTP, FTP, Telegram, or HTTP for data exfiltration.
- Encrypted C2 (Command & Control) communication.
5. Anti-Analysis & Evasion
- Code obfuscation
- VM/Sandbox detection
- Delayed execution
