About “Trojan:Win32/AgentTesla.Y!MTB” infection

The Trojan:Win32/AgentTesla.Y!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Trojan:Win32/AgentTesla.Y!MTB virus can do?

Sample contains Overlay data
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Binary file triggered YARA rule
Anomalous binary characteristics

How to determine Trojan:Win32/AgentTesla.Y!MTB?


File Info:
name: A114214DC94E73F8119F.mlw
path: /opt/CAPEv2/storage/binaries/85a73ae1d9122bb9ef1ff600fd6c8c044944705fda4f46ba85c56926686dcbef
crc32: 6B0520FB
md5: a114214dc94e73f8119fe9331e1aa5be
sha1: 5209491419e58aaedc8d03af96d746ba4bdd9eef
sha256: 85a73ae1d9122bb9ef1ff600fd6c8c044944705fda4f46ba85c56926686dcbef
sha512: 7d876a8c1be32055ed7493e8f72867e606a2e9928a4f1087fac0a625dfdc4325e95b0148455ce434efaef7403c75f09d3bca9b2d47178ad1d11538d31d4d2c01
ssdeep: 12288:btb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPX0Sga45CgD23g2JF9CkBi:btb20pkaCqT5TBWgNVa45Cg2rP9Cb
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1BD25BE2373DD8365C7B25273BA15B701BEBB782906B1F96B2FD8093DE820161521E673
sha3_384: 886543bf1fc9ef25d504907c917ab1e58d627c4eb0eebb4264679697ed517c7071dadfed28445ca982536b71b168e871
ep_bytes: e86ace0000e97ffeffffcccc57568b74
timestamp: 2024-02-28 10:58:01

Version Info:
0: [No Data]

Trojan:Win32/AgentTesla.Y!MTB also known as:

Bkav	W32.Common.C43CF2E4
Lionic	Trojan.Win32.Nymeria.4!c
MicroWorld-eScan	AIT:Trojan.Nymeria.5909
FireEye	AIT:Trojan.Nymeria.5909
Sangfor	Trojan.Win32.AgentTesla.Vjsh
Alibaba	Trojan:Win32/AgentTesla.f4421a17
CrowdStrike	win/malicious_confidence_100% (W)
Elastic	malicious (moderate confidence)
APEX	Malicious
TrendMicro-HouseCall	TROJ_GEN.R002H01C624
BitDefender	AIT:Trojan.Nymeria.5909
Rising	Trojan.Generic@AI.99 (RDML:zS6ACscAEfFq7ntW026ZxA)
Sophos	Mal/Generic-S
Google	Detected
VIPRE	AIT:Trojan.Nymeria.5909
Emsisoft	AIT:Trojan.Nymeria.5909 (B)
SentinelOne	Static AI – Suspicious PE
MAX	malware (ai score=89)
Kingsoft	malware.kb.a.724
Microsoft	Trojan:Win32/AgentTesla.Y!MTB
Arcabit	AIT:Trojan.Nymeria.D1715
GData	AIT:Trojan.Nymeria.5909
Cynet	Malicious (score: 100)
ALYac	AIT:Trojan.Nymeria.5909
Ikarus	Trojan.Win32.Autoit
MaxSecure	Trojan.Malware.234999037.susgen
Cybereason	malicious.dc94e7
DeepInstinct	MALICIOUS

How to remove Trojan:Win32/AgentTesla.Y!MTB?

Trojan:Win32/AgentTesla.Y!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X