Trojan:Win64/Lazy.ETL!MTB - Windows Defender Threat Analysis

This is a Concrete detection of Trojan:Win64/Lazy.ETL!MTB, indicating a highly malicious program targeting 64-bit Windows systems. As a Trojan, it is designed for unauthorized access, data theft, or system control, with a low false positive risk thanks to specific signature patterns and behavioral analysis.

No specific strings found for this threat

rule Trojan_Win64_Lazy_ETL_2147944784_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Trojan:Win64/Lazy.ETL!MTB"
        threat_id = "2147944784"
        type = "Trojan"
        platform = "Win64: Windows 64-bit platform"
        family = "Lazy"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_PEHSTR_EXT"
        threshold = "1"
        strings_accuracy = "High"
    strings:
        $x_1_1 = {30 84 0d a0 00 00 00 8d 41 88 30 84 0d a1 00 00 00 8d 41 89 30 84 0d a2 00 00 00 8d 41 8a 30 84 0d a3 00 00 00 8d 41 8b 30 84 0d a4 00 00 00 8d 41 8c 30 84 0d a5 00 00 00 8d 41 8d 30 84 0d a6 00 00 00}  //weight: 1, accuracy: High
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}

Immediately isolate the affected system to prevent further spread. Perform a full system scan using up-to-date antivirus software and remove all detected malicious files. Review system logs for signs of further compromise or persistence mechanisms, and consider changing any credentials that may have been compromised.