InQuest discovered an open directory hosting several Agent Tesla payloads, as well as several separate web panels for the administration of different Agent Tesla malware campaigns. We decided this was a good time to have a quick look at this malware family, it's capabilities, and the artifacts found in the open directory.
Agent Tesla is a malware family written in .NET for Microsoft Windows systems and has much in common with spyware in it's capabilities. It has many spyware like capabilities such as stealing credentials, keylogging, collecting screenshots, capturing web camera images, and gathering clipboard data, but it is often seen in more standard malware campaigns and uses common malware techniques for obfuscation, unpacking, and data collection. Recently, Agent Tesla has been distributed in the wild through phishing emails and malicious Word documents containing macros to drop and execute the malware.