Concrete signature match: Trojan (appears legitimate but performs malicious actions), platform: 64-bit Windows, family: Lazy
Trojan:Win64/Lazy.PGLY!MTB is a critical-severity 64-bit Windows Trojan identified both by a concrete signature and by machine-learning behavioral analysis (the MTB suffix). This malicious program is designed to execute unauthorized actions, potentially leading to system compromise, data exfiltration, or further malware deployment.
No specific text strings were extracted for this threat; the rule below detects it by a hex byte pattern.
rule Trojan_Win64_Lazy_PGLY_2147954995_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Trojan:Win64/Lazy.PGLY!MTB"
        threat_id = "2147954995"
        type = "Trojan"
        platform = "Win64: Windows 64-bit platform"
        family = "Lazy"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_PEHSTR_EXT"
        threshold = "5"
        strings_accuracy = "High"
    strings:
        $x_5_1 = {cb b5 d9 4b df e6 9c 43 08 a2 00 31 0b ea 2b 2a 49 2d a7 e1 ff fa 12 c9 e9 97 e6 db 9f 8e e2 1f 12 3d 12 cb 15 a3 a7 c0 9d 66 fd} //weight: 5, accuracy: High
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}

SHA-256: b39c38d71f2e15e79f9861499379d8e4a2a4b4247fb425630838311e5bc8336a

Isolate the infected system from the network immediately. Perform a full system scan using an updated antivirus solution to remove the Trojan and any persistent components. Verify the system's integrity and consider re-imaging if complete eradication cannot be confirmed.