Trojan:AndroidOS/Coper!rfn - Windows Defender threat signature analysis

=== THREAT ANALYSIS REPORT ===
Threat Name: Trojan:AndroidOS/Coper!rfn
Classification:
Type: Trojan
Platform: AndroidOS
Family: Coper
Detection Type: Concrete (known malware family with identified signatures)
Suffix: !rfn (specific ransomware family name)
Confidence: Very High
False-Positive Risk: Low

Concrete signature match: Trojan (appears legitimate but performs malicious actions) on the AndroidOS platform, family Coper.

Summary:

Trojan:AndroidOS/Coper!rfn is a concrete detection of a malicious trojan, classified primarily as an Android threat but detected by Windows Defender. The associated signature strings point to sophisticated Windows-specific capabilities: process hooking, persistence via scheduled tasks and BITS jobs, remote code execution through rundll32 and PowerShell, and file manipulation. This suggests the trojan aims to gain deep control, establish persistence, and execute arbitrary commands on a compromised system, potentially as part of a multi-platform campaign or when interacting with a Windows environment.

Severity: High
VDM Static Detection:
Relevant strings associated with this threat:
 - !#HSTR:StringCodeForMshta.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.C!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.D!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.L!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.O!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRegsvr32.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRundll32.A!pli (PEHSTR_EXT)
 - rundll32 (PEHSTR_EXT)
 - !#HSTR:StringCodeForBITSJobs.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForPowerShell.G!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForScheduledTask.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForDataEncoding.D!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.J!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.K!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRemoteFileCopy.B!pli (PEHSTR_EXT)
 - !#HSTR:ExecutionGuardrails (PEHSTR_EXT)
 - !#HSTR:StringCodeForFileDeletion.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForHooking.M!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForNetshHelperDLL.A!pli (PEHSTR_EXT)
 - !#HSTR:StringCodeForRemoteServices.A!pli (PEHSTR_EXT)
Known malware associated with this threat:
Filename: Chrome.apk
Hash: 02cd74a277a19ef59375d44e6111c5c887a2dd2313a2a7129c98e5967dc69ecc
Date: 30/12/2025
Remediation Steps:
Isolate infected systems or devices immediately to prevent further spread. Perform a full system scan with updated antivirus software, ensuring complete removal of the detected threat and any associated components. Patch all operating systems and applications to their latest versions, change passwords for potentially compromised accounts, and monitor network activity for any signs of continued compromise or data exfiltration.
=== END REPORT ===