$ analyze-threat Trojan:Win64/Farfli.SDM!MTB
Trojan:Win64/Farfli.SDM!MTB - Windows Defender threat signature analysis

$ cat analysis.txt
=== THREAT ANALYSIS REPORT ===
Threat Name: Trojan:Win64/Farfli.SDM!MTB
Classification:
  Type: Trojan
  Platform: Win64
  Family: Farfli
  Detection Type: Concrete (known malware family with identified signatures)
  Variant: SDM (specific signature variant within the malware family)
  Suffix: !MTB (detected via machine learning and behavioral analysis)
  Detection Method: Behavioral
  Confidence: Very High
  False-Positive Risk: Low

Concrete signature match: Trojan (appears legitimate but performs malicious actions), 64-bit Windows platform, family Farfli.

Summary:

Trojan:Win64/Farfli.SDM!MTB is a Remote Access Trojan (RAT) that gives an attacker full control over a compromised system, enabling data theft, remote command execution, and user activity monitoring. The detection is based on machine-learning behavioral analysis that observed the file performing actions characteristic of the Farfli malware family.

Severity: Medium
VDM Static Detection: No specific strings found for this threat
YARA Rule:
rule Trojan_Win64_Farfli_SDM_2147934110_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Trojan:Win64/Farfli.SDM!MTB"
        threat_id = "2147934110"
        type = "Trojan"
        platform = "Win64: Windows 64-bit platform"
        family = "Farfli"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_PEHSTR_EXT"
        threshold = "5"
        strings_accuracy = "Low"
    strings:
        $x_5_1 = {45 33 db 4c 8d 05 ?? ?? ?? ff 45 33 c9 4c 89 5c 24 28 33 d2 33 c9 44 89 5c 24 20 ff 15 ?? ?? ?? 00 83 ca ff 48 8b c8}  //weight: 5, accuracy: Low
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}
Known malware associated with this threat:

Filename: 0634c78ea40ae9fc00ab3adf15f48bc0.exe
SHA-256:  3da033579ce7eb25cc51e4fd9c7f060d110e29a5417fcb394734b9c4c89c6d2b
Date:     20/01/2026

Filename: 019a78d98a816272ab8bcf1db9f709c5.exe
SHA-256:  1ee0d0004a882c5a3bc5566f4b56b5044213e9b2b801fb71387063b640858f0f
Date:     20/01/2026

Filename: 1d36df07e1135357885d203669b4bf34.exe
SHA-256:  08e9c18172518605d7d8101d06629acfdd48df2359103b8d55df7e498b79804f
Date:     15/01/2026

Filename: 26c571d593b641dae3beddcb54da3265.exe
SHA-256:  0a637bc0224aaf77de7cb3e8b574a34f9c64ed16649dfb8adbc053f304745b60
Date:     15/01/2026

Filename: 0d75aa7f9329f493618dfbdad34214b8.exe
SHA-256:  ac2bee2bfba8b7603ead6033f90b0ce727390e66be62c0fe7c9c8b5a4aa4fce0
Date:     13/01/2026
Remediation Steps:
1. Isolate the affected machine from the network immediately.
2. Use Windows Defender or another antivirus to perform a full system scan and remove the threat.
3. Since this is a RAT, assume breach: reset all user credentials and investigate for persistence mechanisms.
=== END REPORT ===
Analysis last updated: 14/11/2025