About “Trojan:MSIL/AgentTesla.KKAA!MTB” infection

The Trojan:MSIL/AgentTesla.KKAA!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:MSIL/AgentTesla.KKAA!MTB virus can do?

Sample contains Overlay data
Authenticode signature is invalid
Binary file triggered multiple YARA rules

How to determine Trojan:MSIL/AgentTesla.KKAA!MTB?


File Info:
name: 004EC0579892DCE865CF.mlw
path: /opt/CAPEv2/storage/binaries/12f1e135622abe0ba3bcf064d152f02892950fb077e6dcbedeac1d57e386eba9
crc32: FFFF007D
md5: 004ec0579892dce865cf7a482f905fcf
sha1: 5f46f11d5b07b684b718d3670160eb06288a4aa1
sha256: 12f1e135622abe0ba3bcf064d152f02892950fb077e6dcbedeac1d57e386eba9
sha512: cd31e38ce65c63eee3e3370dabd692338341eb6f900ddf1812e6020dffc5e7572bd2aeeaca7ab1d9a9ae502505989a266d9ef521eab23b02a61d77aaab4444ce
ssdeep: 3072:PzpnoeCmyuiLAAkqbePSVI9J6DQyS5yi6YMlW:P5oeCmyuiLAA1bfVIL6DQyfzYg
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E8440E037E88EB15E5A83D3782EF6C2413B2B0C71633C60B6F49AF6618516925D7E72D
sha3_384: cb07c38de6a9bb7691d67d9a3c90c53962cdc31ac236c7fbecf3a975031319cdb1e5698d8586f3a5b0ca3e2f1b4ca737
ep_bytes: 0520011d05080a1001021e00101e001e
timestamp: 2024-03-18 08:35:07

Version Info:
0: [No Data]

Trojan:MSIL/AgentTesla.KKAA!MTB also known as:

Bkav	W32.AIDetectMalware.CS
MicroWorld-eScan	Gen:Variant.Ulise.473053
Skyhigh	BehavesLike.Win32.Generic.dt
McAfee	AgentTesla-FDUP!004EC0579892
Malwarebytes	Generic.Malware.AI.DDS
VIPRE	Gen:Variant.Ulise.473053
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (D)
Symantec	ML.Attribute.HighConfidence
Elastic	Windows.Generic.Threat
APEX	Malicious
ClamAV	Win.Packed.Msilperseus-9956591-0
BitDefender	Gen:Variant.Ulise.473053
Emsisoft	Gen:Variant.Ulise.473053 (B)
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.004ec0579892dce8
SentinelOne	Static AI – Malicious PE
MAX	malware (ai score=87)
Google	Detected
Varist	W32/MSIL_Agent.GQP.gen!Eldorado
Kingsoft	malware.kb.a.995
Microsoft	Trojan:MSIL/AgentTesla.KKAA!MTB
Arcabit	Trojan.Ulise.D737DD
GData	Gen:Variant.Ulise.473053
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win.FDUP.R633587
ALYac	Gen:Variant.Ulise.473053
Cylance	unsafe
Rising	Spyware.AgentTesla!1.EE33 (CLASSIC)
Ikarus	Trojan-Spy.MSIL.AgentTesla
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Agent.GQP!tr
Cybereason	malicious.79892d
DeepInstinct	MALICIOUS

How to remove Trojan:MSIL/AgentTesla.KKAA!MTB?

Trojan:MSIL/AgentTesla.KKAA!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X