Concrete signature match: Trojan (appears legitimate but performs malicious actions), 64-bit Windows platform, family Fragtor
Trojan:Win64/Fragtor.MR!MTB is a Windows 64-bit Trojan from the Fragtor family. This concrete detection, reinforced by specific code patterns and behavioral analysis, indicates a severe threat designed for unauthorized access, data theft, or system compromise.
Relevant strings associated with this threat:
- Fe3048124832f0cef883941e6035e2bbbc237.exe (PEHSTR_EXT)
rule Trojan_Win64_Fragtor_MR_2147947781_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Trojan:Win64/Fragtor.MR!MTB"
        threat_id = "2147947781"
        type = "Trojan"
        platform = "Win64: Windows 64-bit platform"
        family = "Fragtor"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_PEHSTR_EXT"
        threshold = "15"
        strings_accuracy = "High"
    strings:
        $x_10_1 = {48 8b 45 f0 48 8d 50 01 48 89 55 f0 0f b6 10 48 8b 45 f8 48 8d 48 01 48 89 4d f8 88 10 48 83 6d 20 01 48 83 7d 20} //weight: 10, accuracy: High
        $x_5_2 = {89 45 fc 48 8b 45 10 48 8d 50 01 48 89 55 10 0f b6 00 0f b6 c0 89 45 f8 83 7d f8 00 0f 95 c0 84 c0} //weight: 5, accuracy: High
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}

Immediately isolate the affected system to prevent further spread. Perform a full system scan with updated antivirus software and remove all detected malicious files. Investigate for persistence mechanisms, potential data compromise, and update all system software and critical credentials as necessary.
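As an added example (not threatcheck.sh's or Microsoft's code), the Python below emulates how the rule above is evaluated: each $x_<weight>_<n> string carries the weight encoded in its name, the summed weight of the strings found is compared with the threshold of 15, and with weights 10 and 5 that threshold is only reached when both strings are present, which is what the `all of ($x*)` condition also states. The sample buffers are constructed filler around the rule's own byte patterns, not real files.

```python
import re

# The two byte patterns from the rule above; the weight is encoded in each
# identifier as $x_<weight>_<index>, the convention used by PEHSTR_EXT rules.
RULE_STRINGS = {
    "$x_10_1": "48 8b 45 f0 48 8d 50 01 48 89 55 f0 0f b6 10 48 8b 45 f8 48 8d 48 01 "
               "48 89 4d f8 88 10 48 83 6d 20 01 48 83 7d 20",
    "$x_5_2":  "89 45 fc 48 8b 45 10 48 8d 50 01 48 89 55 10 0f b6 00 0f b6 c0 "
               "89 45 f8 83 7d f8 00 0f 95 c0 84 c0",
}
THRESHOLD = 15                 # threshold from the rule's meta block
MAX_SIZE = 20 * 1024 * 1024    # condition: filesize < 20MB


def weight_of(name: str) -> int:
    """Extract the weight from a $x_<weight>_<index> identifier."""
    return int(re.match(r"\$x_(\d+)_\d+$", name).group(1))


def to_bytes(hexstr: str) -> bytes:
    """Turn a space-separated hex pattern into raw bytes."""
    return bytes.fromhex(hexstr.replace(" ", ""))


def score(data: bytes) -> dict:
    """Report which strings occur in the buffer and their summed weight."""
    hits = {name: to_bytes(pat) in data for name, pat in RULE_STRINGS.items()}
    total = sum(weight_of(name) for name, hit in hits.items() if hit)
    return {"hits": hits, "total_weight": total}


def matches(data: bytes) -> bool:
    """Emulate the rule: size bound, every string present, weight >= threshold."""
    if len(data) >= MAX_SIZE:
        return False
    result = score(data)
    return all(result["hits"].values()) and result["total_weight"] >= THRESHOLD


# Constructed sample buffers (filler bytes around the patterns; not real samples).
FILLER = b"\x90" * 64
BOTH = FILLER + to_bytes(RULE_STRINGS["$x_10_1"]) + FILLER + to_bytes(RULE_STRINGS["$x_5_2"]) + FILLER
ONLY_FIRST = FILLER + to_bytes(RULE_STRINGS["$x_10_1"]) + FILLER

if __name__ == "__main__":
    for label, buf in (("both strings", BOTH), ("only $x_10_1", ONLY_FIRST)):
        print(label, score(buf)["total_weight"], matches(buf))
```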