Trojan:O97M/Sadoca.C!ml - Windows Defender Threat Analysis

=== THREAT ANALYSIS REPORT ===
Threat Name: Trojan:O97M/Sadoca.C!ml
Classification:
Type: Trojan
Platform: O97M
Family: Sadoca
Detection Type: Concrete (known malware family with identified signatures)
Variant: C (specific signature variant within the malware family)
Suffix: !ml (identified through machine learning models)
Confidence: Very High
False-Positive Risk: Low

Concrete signature match: a Trojan (software that appears legitimate but performs malicious actions) targeting the O97M platform, family Sadoca.

Summary:

Trojan:O97M/Sadoca.C!ml is a high-confidence concrete detection of a Trojan, likely propagated via malicious Office 97-2003 macros. This malware aims to gain unauthorized access to the system, steal sensitive data, or serve as a dropper for additional payloads.

Severity:
High
VDM Static Detection:
No specific strings found for this threat
Known malware samples associated with this threat:
Remediation Steps:
Immediately isolate the affected system, run a full system scan with updated antivirus software, and remove or quarantine the detected threat. Review Office macro security settings and educate users on vigilance against suspicious documents or phishing attempts.
=== END REPORT ===
This analysis was last updated on 01/12/2025.