On March 4, 2019, one of the most well-known keyloggers used by criminals, called Agent Tesla, closed up shop due to legal troubles. In the announcement message posted on the Agent Tesla Discord server, the keylogger’s developers suggested people switch over to a new keylogger: “If you want to see a powerful software like Agent Tesla, we would like to suggest you OriginLogger. OriginLogger is an AT-based software and has all the features.” OriginLogger is a variant of Agent Tesla. As such, the majority of tools and detections for Agent Tesla will still trigger on OriginLogger samples.

Recently, when sitting down to analyze some malware tagged as Agent Tesla, I was surprised to learn I was actually looking at something else. This fact revealed itself to me when I began analyzing the malware families’ configurations at scale after creating tooling to extract them. In this blog, I will cover the OriginLogger keylogger malware, how it handles the string obfuscation for configuration variables and what I found when looking at the extracted configurations that allowed for better identification and further pivoting.

Palo Alto Networks customers receive protections from both OriginLogger and its predecessor malware Agent Tesla through Cortex XDR and the Next-Generation Firewall with cloud-delivered security services including WildFire and Advanced Threat Prevention.

Identifying OriginLogger Through Artifacts

When I began researching OriginLogger, I could find little to no public information about it. There are several Agent Tesla-related analysis blogs that I now recognize as pertaining to OriginLogger – sometimes tagged as “AgentTeslav3” – but otherwise, the public internet is pretty light on relevant information. During my search, I stumbled across a YouTube video posted in 2018 (before Agent Tesla closed up shop) by a person selling “fully undetectable” (FUD) tools. This person showed off the OriginLogger tools with a link to buy it from a known site that traffics in malware, exploits and the like. Additionally, they showed both the web panel and the malware builder.

OriginLogger feature highlights (Source: screenshots of the OriginLogger sale page from a YouTube video on OriginLogger). OriginLogger feature list. OriginLogger web panel (Source: OriginLogger YouTube video).