Concrete signature match: Trojan - Appears legitimate but performs malicious actions for 32-bit Windows platform, family Farfi
Trojan:Win32/Farfi.GPA!MTB is a malicious program targeting 32-bit Windows systems. It is detected through behavioral analysis combined with the concrete signature below, and it is likely used for unauthorized access, data exfiltration, or to stage further malicious activity.
No specific text strings were found for this threat; detection relies on the byte pattern in the rule below.
rule Trojan_Win32_Farfi_GPA_2147893342_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Trojan:Win32/Farfi.GPA!MTB"
        threat_id = "2147893342"
        type = "Trojan"
        platform = "Win32: Windows 32-bit platform"
        family = "Farfi"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_PEHSTR_EXT"
        threshold = "4"
        strings_accuracy = "High"
    strings:
        $x_4_1 = {33 d2 f7 75 10 b8 cd cc cc cc 80 c2 36 30 11 f7 65 0c 8b 4d 08 8b 45 0c 41 c1 ea 03 40 c7 45 08 00 00 00 00 89 45 0c 8d 14 92 03 d2 3b fa 8b 55 08 0f 45 d1 89 55 08 3b c3} //weight: 4, accuracy: High
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}
24f69f0549f0f24862cdf87d569fd5c488cebee247d962d5313ed938b84b337c
Immediately isolate the infected system from the network. Perform a full system scan with updated antivirus software to remove the threat, then patch all operating system and application vulnerabilities. Reinforce security awareness training for users.