AgentTesla
Attributions are based on open-source threat reports. A family appearing here means at least one syscall record cites it; absence does not imply non-use.
3 syscalls cited
- NtSetValueKey
Writes a named value into an open registry key — the workhorse for Run-key and IFEO persistence.
- NtQueryValueKey
Reads a value from a registry key — the targeted credential and config harvest primitive.
- NtReadFile
Reads bytes from a file, device, named pipe or mapped section into a user buffer — the kernel primitive behind ReadFile.