The Agent Tesla information stealer keeps appearing in multiple cyber crime campaigns and has been one of the most consistently used tools in infections for some time. It is usually distributed via malspam built around COVID-19 themes, WHO drug advice, face mask offers and similar lures. The body of the email usually carries the logo and contact details of a legitimate organization. Apart from spoofing different brands, Agent Tesla operators also rotate the sender IP address and other indicators of compromise, so that blocking older indicators no longer catches the current wave. Sometimes the threat actors attach a GZ archive masquerading as a PDF that supposedly contains details on whatever the email offers. The archive contains an executable file that, upon execution, installs the Agent Tesla RAT. After an initial check-in with the C2 server, the RAT waits for commands to execute on the victim host. One of the main functionalities of Agent Tesla is stealing passwords from various applications. Gathered credentials and other sensitive information are then exfiltrated to the C2 server via SMTP.
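The attachment lure described above (a GZ archive posing as a PDF, wrapping an executable) can be checked at the mail gateway by comparing the declared filename with the file's actual magic bytes. The following is an added defensive example, not code from the original write-up; the sample message it builds, the MAGIC table and the function names are constructed for illustration only.

```python
import email
import gzip
from email import policy
from email.message import EmailMessage

# Constructed magic-byte table: gzip, PDF and Windows PE headers.
MAGIC = {b"\x1f\x8b": "gzip", b"%PDF-": "pdf", b"MZ": "pe"}


def sniff(data: bytes) -> str:
    """Identify content by leading bytes rather than by its filename."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def inspect_attachments(raw: bytes) -> list:
    """Flag attachments that claim to be PDFs but are not, and gzip archives wrapping a PE."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        kind = sniff(data)
        claims_pdf = ".pdf" in name.lower() or part.get_content_type() == "application/pdf"
        if claims_pdf and kind != "pdf":
            findings.append((name, f"claims PDF but content is {kind}"))
        if kind == "gzip":
            try:
                inner = gzip.decompress(data)
            except (OSError, EOFError):  # truncated or corrupt archive
                inner = b""
            if sniff(inner) == "pe":
                findings.append((name, "gzip archive wraps a Windows executable"))
    return findings


def build_sample() -> bytes:
    """Constructed lure: gzip of a fake PE stub, named like a PDF. Not a real program."""
    fake_exe = b"MZ" + b"\x00" * 62 + b"placeholder bytes, not executable code"
    msg = EmailMessage()
    msg["From"] = "noreply@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "WHO Drug Advice"
    msg.set_content("Please see the attached advice document.")
    msg.add_attachment(gzip.compress(fake_exe), maintype="application",
                       subtype="pdf", filename="WHO_drug_advice.pdf.gz")
    return bytes(msg)


if __name__ == "__main__":
    for filename, reason in inspect_attachments(build_sample()):
        print(f"{filename}: {reason}")
```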