Trojan:MSIL/AgentTesla.RBI!MTB - Windows Defender threat signature analysis

=== THREAT ANALYSIS REPORT ===
Threat Name: Trojan:MSIL/AgentTesla.RBI!MTB
Classification:
Type: Trojan
Platform: MSIL
Family: AgentTesla
Detection Type: Concrete (known malware family with identified signatures)
Variant: RBI (specific signature variant within the malware family)
Suffix: !MTB (detected via machine learning and behavioral analysis)
Detection Method: Behavioral
Confidence: Very High
False-Positive Risk: Low

Concrete signature match: Trojan (appears legitimate but performs malicious actions) targeting the .NET (Microsoft Intermediate Language) platform, family AgentTesla.

Summary:

This detection identifies AgentTesla, a well-known information-stealing Trojan written in .NET. Its primary function is to capture sensitive data such as keystrokes, clipboard contents, and stored credentials from browsers and other applications, then exfiltrate the stolen information to an attacker.

Severity: High
VDM Static Detection: No detailed analysis available from definition files.
Known malware samples associated with this threat:

Filename: e763f70c225397859178eb99d03beee5e11fccc8680df2e32c77d58eb094397f
Hash: e763f70c225397859178eb99d03beee5e11fccc8680df2e32c77d58eb094397f
Date: 08/12/2025

Filename: ba514304ee5435dcd4cac761a79f9b22e5c47f8b6070b75a3cdf5af42a484314
Hash: ba514304ee5435dcd4cac761a79f9b22e5c47f8b6070b75a3cdf5af42a484314
Date: 08/12/2025

Filename: 4a803cc2bc157d801250a7bb1742fb747e2961a2d0dbe2a64bc5b91a02f3d1a9
Hash: 4a803cc2bc157d801250a7bb1742fb747e2961a2d0dbe2a64bc5b91a02f3d1a9
Date: 08/12/2025

Filename: 9177746E794B434C8712D2D25EF4B0DB.exe
Hash: 750bfb6b02d5ebacb9e4eb938ffb64751feccfaf0c883b5489b77d26825d1009
Date: 18/11/2025

Filename: Purchase Inquiry_KPCPU-2830.gz.exe
Hash: 0571d6e01dadf196d8ee4f5969a6c7849543176071e49c59808db83883a4bf37
Date: 15/11/2025
Remediation Steps:
1. Isolate the machine from the network.
2. Run a full antivirus scan to ensure all components are removed.
3. Change passwords for all accounts accessed from the device.
4. Investigate the entry point, likely a phishing email, and remove the malicious artifact.
=== END REPORT ===