Trojan:VBA/AgentTesla.GC!MTB - Windows Defender threat signature analysis

=== THREAT ANALYSIS REPORT ===
Threat Name: Trojan:VBA/AgentTesla.GC!MTB

Classification:
 - Type: Trojan
 - Platform: VBA
 - Family: AgentTesla
 - Detection Type: Concrete (known malware family with identified signatures)
 - Variant: GC (specific signature variant within the malware family)
 - Suffix: !MTB (detected via machine learning and behavioral analysis)
 - Detection Method: Behavioral
 - Confidence: Very High
 - False-Positive Risk: Low

Concrete signature match: a Trojan (software that appears legitimate but performs malicious actions) on the VBA platform, family AgentTesla.

Summary:

This detection identifies the AgentTesla trojan, a well-known information stealer delivered via a VBA macro. The malware is designed to steal sensitive data such as keystrokes, clipboard content, and credentials from various applications. It uses encryption, as indicated by references to cryptographic libraries, to obfuscate the stolen data before exfiltration.

Severity: Medium

VDM Static Detection:
Relevant strings associated with this threat:
 - MultiToken.Resources (PEHSTR_EXT)
 - TripleDESCryptoServiceProvider (PEHSTR_EXT)
 - CryptoLibrary.dll (PEHSTR_EXT)

Known malware sample associated with this threat:
 - Filename: SSA Secure Access.vbs
 - SHA-256: eea99f22aca1ebe449b97faafe79fd1d6e71441ccc40315a2e629280f65de0f8
 - Date: 05/12/2025

Remediation Steps:
Isolate the affected machine from the network immediately to prevent lateral movement. Run a full antivirus scan to ensure all malicious components are removed. Since AgentTesla is an information stealer, reset all passwords and credentials that were used on the compromised host.
=== END REPORT ===
Analysis last updated: 05/12/2025