user@threatcheck.sh ~ threat-analysis
bash
$ analyze-threat Trojan:Win32/Khalesi.RL!MTB
Trojan:Win32/Khalesi.RL!MTB - Windows Defender threat signature analysis

Trojan:Win32/Khalesi.RL!MTB - Windows Defender Threat Analysis

$ cat analysis.txt
=== THREAT ANALYSIS REPORT ===
Threat Name: Trojan:Win32/Khalesi.RL!MTB
Classification:
Type:Trojan
Platform:Win32
Family:Khalesi
Detection Type:Concrete
Known malware family with identified signatures
Variant:RL
Specific signature variant within the malware family
Suffix:!MTB
Detected via machine learning and behavioral analysis
Detection Method:Behavioral
Confidence:Very High
False-Positive Risk:Low

Concrete signature match: Trojan - Appears legitimate but performs malicious actions for 32-bit Windows platform, family Khalesi

Summary:

Trojan:Win32/Khalesi.RL!MTB is a malicious program from the Khalesi family targeting Windows 32-bit systems. Detected through machine learning behavioral analysis and specific low-accuracy heuristic byte patterns, it aims to perform unauthorized actions or compromise system integrity.

Severity:
Medium
VDM Static Detection:
No specific strings found for this threat
YARA Rule:
rule Trojan_Win32_Khalesi_RL_2147773162_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Trojan:Win32/Khalesi.RL!MTB"
        threat_id = "2147773162"
        type = "Trojan"
        platform = "Win32: Windows 32-bit platform"
        family = "Khalesi"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_PEHSTR_EXT"
        threshold = "2"
        strings_accuracy = "Low"
    strings:
        $x_1_1 = {0f be 02 83 c8 20 0f b6 c8 33 4d ?? 89 4d ?? 8b 55 ?? 83 c2 01 89 55}  //weight: 1, accuracy: Low
        $x_1_2 = {83 c4 04 8b 4d ?? 83 e1 01 8b 15 ?? ?? ?? ?? 0f af 8a ?? ?? ?? ?? 33 c1 89 45 ?? eb}  //weight: 1, accuracy: Low
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}
Known malware which is associated with this threat:
Filename: 1d2469c4147fdb708d2fe5cbdf383fbe.exe
043e5ce96ba3a291188f9c379469dcac5f6c27528e1a5e608163927538a470bd
13/01/2026
VirusTotalDownload Sample
Filename: e115f17941e424c307aac6f5c3364dc1.exe
c26b8d2f13c36520dbbb94e94179a857aeca893ab1f73bdcdb770fe84d502f45
13/01/2026
VirusTotalDownload Sample
Filename: 185ee6418df08ae2e1dd6e4ebb42b5ed.exe
7473dda3ffcfe2e31ac6eb5890d03a57acee056cb574231b4313058608a45da6
13/01/2026
VirusTotalDownload Sample
Filename: 1b3c0ea48ab4e1621852f764fc346151.exe
df467545dcaf4894501a15ff101c33b74c0748a6245735ee46a4ce851058f1f1
13/01/2026
VirusTotalDownload Sample
Filename: 1faad43f3015a285b7864b5f47d87bdb.exe
aae718316a1a954ed097395658365b32daed2f8ee1a8aad440317b943201170a
13/01/2026
VirusTotalDownload Sample
Remediation Steps:
Isolate the affected system immediately to prevent further spread. Conduct a full scan with up-to-date antivirus software to remove all detected malicious files. Ensure the operating system and all installed software are fully patched to mitigate potential vulnerabilities.
=== END REPORT ===
$ reanalyze-threat
This analysis was last updated on 13/01/2026. Do you want to analyze it again?
$ ls available-commands/
→ cd /home
user@threatcheck.sh:~$