Malware

OriginLogger

OriginLogger is a Windows malware family.

Background

Palo Alto Networks Unit 42 reports that OriginLogger is a commercial .NET (C#) keylogger and information stealer that its authors openly market as a successor to and variant of Agent Tesla, to the point that many existing Agent Tesla signatures still match OriginLogger samples. Shipped with a builder and a web panel, it provides multilingual keylogging through a low-level keyboard hook, clipboard and screenshot capture, keyword-triggered "smart" logging, and credential theft from browsers and mail clients, with stolen data sent out over SMTP, FTP, HTTP(S) to a web panel, or through Telegram bots. Its operator-defined configuration is held in an obfuscated byte blob decoded at runtime, and the payload is generally delivered via multi-stage loaders that rely on .NET process injection to execute inside other processes. Code analysis confirms that OriginLogger borrows and builds upon large parts of Agent Tesla's code, including its browser password-recovery routines, pointing to a very tight relationship between the two families.


Source: Malpedia (Fraunhofer FKIE).