About “Spyware.TelegramRAT” infection

Malware Removal

Spyware.TelegramRAT is considered dangerous by many security experts. When this infection is active, you may notice unfamiliar processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a full scan and clean your PC during the trial period.
6-day free trial available.

What can the Spyware.TelegramRAT virus do?

  • Dynamic (imported) function loading detected
  • Authenticode signature is invalid

How to identify Spyware.TelegramRAT?

File Info:

name: 3FEFBA5AEE9F6A881E2B.mlw
path: /opt/CAPEv2/storage/binaries/902131e9c97acaf5b968ab6b3b544088abdd73316b13041001d1dbfab72c36ad
crc32: E7014B89
md5: 3fefba5aee9f6a881e2bf3eae955d243
sha1: d764b1b009f9300d593123ec90285926157a763d
sha256: 902131e9c97acaf5b968ab6b3b544088abdd73316b13041001d1dbfab72c36ad
sha512: af5fc4f9627a836974ccbcd472be9b70dc8eb9ac3afd194810d14e3a1d8083c6816a28b29bb447cbae4f524d0edef112ba08bb4af15225974a52ea342609cab5
ssdeep: 3072:ZbJltDbMhYsxeg2Ez0fbWpmpC2PN4BY5:ZbJltDbMhY4eHEIfbZE2PyY
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1E1B33AFC239A3F2EC6BD467BD0D12EB183B18043A851EF4B5D90A8A925D76C639431D7
sha3_384: 4f8ba3463c26e2ad3cb16b976a2be0b5c8394ff14e7359202b97590655c804e1397848b03e6dd49aa4a56ef190560f54
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-01-31 17:22:14

Version Info:

Translation: 0x0000 0x04b0
Comments: update64x
CompanyName:
FileDescription: Tele64x
FileVersion: 1.0.0.0
InternalName: TelegramRAT.exe
LegalCopyright: Copyright © 2021
LegalTrademarks:
OriginalFilename: TelegramRAT.exe
ProductName: Tele64x
ProductVersion: 1.0.0.0
Assembly Version: 1.0.0.0

Spyware.TelegramRAT also known as:

Elastic: malicious (high confidence)
CAT-QuickHeal: Trojan.YakbeexMSIL.ZZ4
ALYac: Gen:Variant.MSILHeracles.13493
Malwarebytes: Spyware.TelegramRAT
BitDefender: Gen:Variant.MSILHeracles.13493
Cybereason: malicious.aee9f6
Cyren: W32/Zbot.AQ.gen!Eldorado
ESET-NOD32: a variant of MSIL/Agent.CTU
APEX: Malicious
Cynet: Malicious (score: 99)
Kaspersky: HEUR:Trojan.MSIL.Agent.gen
MicroWorld-eScan: Gen:Variant.MSILHeracles.13493
Ad-Aware: Gen:Variant.MSILHeracles.13493
Emsisoft: Gen:Variant.MSILHeracles.13493 (B)
F-Secure: Heuristic.HEUR/AGEN.1138205
DrWeb: Trojan.ClipBankerNET.7
FireEye: Generic.mg.3fefba5aee9f6a88
SentinelOne: Static AI – Malicious PE
GData: Gen:Variant.MSILHeracles.13493
Avira: HEUR/AGEN.1138205
Arcabit: Trojan.MSILHeracles.D34B5
ZoneAlarm: HEUR:Trojan.MSIL.Agent.gen
AhnLab-V3: Trojan/Win.Generic.C4605738
MAX: malware (ai score=89)
Cylance: Unsafe
Rising: Trojan.Generic/MSIL@AI.93 (RDM.MSIL:T5WDDWvTFZAFiNwKUZYvcQ)
eGambit: Unsafe.AI_Score_99%
BitDefenderTheta: Gen:NN.ZemsilF.34182.hm0@a0374ml
CrowdStrike: win/malicious_confidence_70% (D)
MaxSecure: Trojan.Malware.300983.susgen

How to remove Spyware.TelegramRAT?

Spyware.TelegramRAT removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.