$ analyze-threat Trojan:Win32/Amadey.SUPC!MTB
Trojan:Win32/Amadey.SUPC!MTB - Windows Defender threat signature analysis

$ cat analysis.txt
=== THREAT ANALYSIS REPORT ===
Threat Name: Trojan:Win32/Amadey.SUPC!MTB
Classification:
  Type: Trojan
  Platform: Win32
  Family: Amadey
  Detection Type: Concrete (known malware family with identified signatures)
  Variant: SUPC (specific signature variant within the malware family)
  Suffix: !MTB (detected via machine learning and behavioral analysis)
  Detection Method: Behavioral
  Confidence: Very High
  False-Positive Risk: Low

Concrete signature match: a Trojan (code that appears legitimate but performs malicious actions) targeting the 32-bit Windows platform, family Amadey.

Summary:

This threat is a Trojan from the Amadey malware family, a known botnet and downloader (loader). It collects basic host information from the infected machine, reports it to its command-and-control server, and is primarily used to download and execute additional, more severe payloads such as ransomware or information stealers. A detection of Amadey should therefore be treated as the first stage of an intrusion, not the whole of it.

Severity:
Medium
VDM Static Detection:
No specific strings found for this threat
YARA Rule (reproduces the SIGNATURE_TYPE_PEHSTR_EXT entry: a static byte pattern matched against the PE file plus a size limit; the rule itself encodes no runtime behaviour):
rule Trojan_Win32_Amadey_SUPC_2147948947_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Trojan:Win32/Amadey.SUPC!MTB"
        threat_id = "2147948947"
        type = "Trojan"
        platform = "Win32: Windows 32-bit platform"
        family = "Amadey"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_PEHSTR_EXT"
        threshold = "1"
        strings_accuracy = "High"
    strings:
        $x_1_1 = {8a 04 16 40 32 c5 88 02 48 ff c2 49 ff c8 75}  //weight: 1, accuracy: High
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}
Known malware which is associated with this threat (SHA-256, date):
8e4ba61a8067d7079cfdd9a711406be73b662df3d76b50b2a10861976a8bd83e  08/12/2025
96d6b0603a4a13e1f7636ec2cb9bc9b2a5491c15bce2c1daf9ace7b60cd20fa4  06/12/2025
2dbee2aec305103a2ad3fbd4e56c8973e138c30b7fb349c0d6ecd38ddc421aaf  07/11/2025
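The rule above has exactly one string and a size clause, so its logic can be reproduced without a YARA engine for quick offline triage of a file or a memory dump, and the hash list can be checked in the same pass. The script below is an added example written for this page; it is not threatcheck.sh's or Microsoft's code, and the two input buffers are constructed, not real Amadey samples. The disassembly in the comments is this editor's reading of the 15 signature bytes as 32-bit x86 (a byte-wise XOR decode loop keyed on CH with junk inc/dec eax instructions interleaved); note that in 64-bit code the bytes 40, 48 and 49 would be REX prefixes, so the same byte run would decode differently, which is one reason the signature is scoped to Win32. Matching the PEHSTR_EXT string alone reproduces only what this page shows of the signature, not the whole of Defender's detection pipeline, so treat a hit as a triage lead rather than a verdict.

```python
"""Offline re-implementation of the Trojan:Win32/Amadey.SUPC!MTB rule logic
(single hex string + filesize clause) plus a SHA-256 IOC check.

Added example for this page; not threatcheck.sh's or Microsoft's code.
All sample buffers are constructed, not real malware.
"""
import hashlib

# $x_1_1 from the YARA rule, as raw bytes. Read as 32-bit x86 it is:
#   8a 04 16   mov  al, [esi+edx]   ; load next encoded byte
#   40         inc  eax             ; junk (undone by the dec eax below)
#   32 c5      xor  al, ch          ; key byte lives in CH
#   88 02      mov  [edx], al       ; write decoded byte back in place
#   48         dec  eax             ; junk
#   ff c2      inc  edx             ; advance pointer
#   49         dec  ecx             ; remaining-byte counter
#   ff c8      dec  eax             ; junk
#   75 ??      jnz  <loop>          ; rel8 target is not part of the signature
X_1_1 = bytes.fromhex("8a 04 16 40 32 c5 88 02 48 ff c2 49 ff c8 75")

# YARA's "20MB" is 20 * 2**20 bytes, and the condition is strictly less-than.
MAX_FILESIZE = 20 * 1024 * 1024

# SHA-256 values listed on this page as associated with the threat.
KNOWN_HASHES = {
    "8e4ba61a8067d7079cfdd9a711406be73b662df3d76b50b2a10861976a8bd83e",
    "96d6b0603a4a13e1f7636ec2cb9bc9b2a5491c15bce2c1daf9ace7b60cd20fa4",
    "2dbee2aec305103a2ad3fbd4e56c8973e138c30b7fb349c0d6ecd38ddc421aaf",
}


def find_pattern_offsets(data: bytes) -> list[int]:
    """Return every offset at which $x_1_1 occurs in data."""
    offsets = []
    start = 0
    while (idx := data.find(X_1_1, start)) != -1:
        offsets.append(idx)
        start = idx + 1
    return offsets


def rule_matches(data: bytes) -> bool:
    """Evaluate the rule condition: (filesize < 20MB) and (all of ($x*)).

    With one string and threshold 1, "all of" is a single required hit."""
    if len(data) >= MAX_FILESIZE:
        return False
    return bool(find_pattern_offsets(data))


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def is_known_sample(data: bytes) -> bool:
    """Exact-hash IOC check against the list published on this page."""
    return sha256_hex(data) in KNOWN_HASHES


def triage(data: bytes) -> dict:
    """Run both checks: the hash answers "is this a known sample", the
    pattern answers "does this carry the code the signature keys on"."""
    return {
        "size": len(data),
        "sha256": sha256_hex(data),
        "known_hash": is_known_sample(data),
        "pattern_offsets": find_pattern_offsets(data),
        "rule_match": rule_matches(data),
    }


# Constructed inputs (hypothetical, not real files): a PE-like "MZ" prefix,
# filler, the decode loop with a plausible rel8 displacement, more filler.
BENIGN_BUFFER = b"MZ" + b"\x90" * 64 + b"\xc3"
SUSPECT_BUFFER = b"MZ" + b"\x00" * 0x80 + X_1_1 + b"\xf1" + b"\xcc" * 32


if __name__ == "__main__":
    for name, buf in (("benign", BENIGN_BUFFER), ("suspect", SUSPECT_BUFFER)):
        print(name, triage(buf))
```

To use it on real artefacts, read the file bytes and pass them to triage(); on a disk image or memory dump the pattern check is the useful half, since the hash will never match a carved region.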
Remediation Steps:
Isolate the affected machine from the network immediately. Run a full antivirus scan to remove the detected file. Because Amadey is a downloader, assume that additional payloads may already be on the host: hunt for follow-on malware and for persistence (scheduled tasks, Run keys, startup folder) and pivot on the hashes above across the rest of the fleet. Reset all user passwords that were used on the machine, doing so from a clean device, since an information stealer delivered by Amadey may already have captured the existing ones.
=== END REPORT ===
This analysis was last updated on 08/11/2025.