Trojan:Win64/Meterpreter.A

user@threatcheck.sh ~ threat-analysis

bash

$ analyze-threat Trojan:Win64/Meterpreter.A

Trojan:Win64/Meterpreter.A - Windows Defender threat signature analysis

$ cat analysis.txt

=== THREAT ANALYSIS REPORT ===

Threat Name: Trojan:Win64/Meterpreter.A

Classification:

Type:Trojan

Platform:Win64

Family:Meterpreter

Detection Type:Concrete

Known malware family with identified signatures

Variant:A

Specific signature variant within the malware family

Confidence:Very High

False-Positive Risk:Low

Concrete signature match: Trojan - Appears legitimate but performs malicious actions for 64-bit Windows platform, family Meterpreter

Summary:

This threat is a detection of Meterpreter, a powerful post-exploitation payload from the Metasploit Framework. Once executed, it provides an attacker with full remote control over the compromised system, allowing for data exfiltration, keystroke logging, and lateral movement within the network.

Severity:

Critical

VDM Static Detection:

Relevant strings associated with this threat:
 - |#d1e49aac-8f56-4280-b9ba-993a6d77406c (NID)
 - }#d1e49aac-8f56-4280-b9ba-993a6d77406c (NID)
 - &|#b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 (NID)
 - &}#b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 (NID)
 - y*|#56a863a9-875e-4185-98a7-b882c64b5ce5 (NID)
 - y*}#56a863a9-875e-4185-98a7-b882c64b5ce5 (NID)
 - C|#be9ba2d9-53ea-4cdc-84e5-9b1eeee46550 (NID)
 - C}#be9ba2d9-53ea-4cdc-84e5-9b1eeee46550 (NID)
 - L|#3b576869-a4ec-4529-8536-b80a7769e899 (NID)
 - L}#3b576869-a4ec-4529-8536-b80a7769e899 (NID)
 - |#5beb7efe-fd9a-4556-801d-275e5ffc04cc (NID)
 - }#5beb7efe-fd9a-4556-801d-275e5ffc04cc (NID)
 - |#01443614-cd74-433a-b99e-2ecdc07bfc25 (NID)
 - }#01443614-cd74-433a-b99e-2ecdc07bfc25 (NID)
 - |#d3e037e1-3eb8-44c8-a917-57927947596d (NID)
 - }#d3e037e1-3eb8-44c8-a917-57927947596d (NID)
 - |#7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c (NID)
 - }#7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c (NID)
 - |#92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b (NID)
 - }#92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b (NID)
No specific strings found for this threat

YARA Rule:

rule Trojan_Win64_Meterpreter_A_2147720175_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "Trojan:Win64/Meterpreter.A"
        threat_id = "2147720175"
        type = "Trojan"
        platform = "Win64: Windows 64-bit platform"
        family = "Meterpreter"
        severity = "Critical"
        signature_type = "SIGNATURE_TYPE_PEHSTR_EXT"
        threshold = "11"
        strings_accuracy = "Low"
    strings:
        $x_10_1 = {8e 4e 0e ec 74 ?? 81 ?? aa fc 0d 7c 74 ?? 81 ?? 54 ca af 91 74 ?? 81 ?? f2 32 f6 0e}  //weight: 10, accuracy: Low
        $x_1_2 = {83 e8 05 c6 43 05 e9 89 43 06 ff 15}  //weight: 1, accuracy: High
        $x_1_3 = {c6 46 05 e9 2b c6 83 e8 05 89 46 06}  //weight: 1, accuracy: High
    condition:
        (filesize < 20MB) and
        (
            ((1 of ($x_10_*) and 1 of ($x_1_*))) or
            (all of ($x*))
        )
}

Remediation Steps:

Immediately isolate the affected machine from the network to prevent further compromise. Use security software to remove the detected malware. Investigate the initial access vector, check for persistence mechanisms, and reset all credentials that were used on the system. Consider re-imaging the machine due to the high risk of compromise.

=== END REPORT ===

$ reanalyze-threat

This analysis was last updated on 11/11/2025. Do you want to analyze it again?

$ ls available-commands/

→ cd /home

user@threatcheck.sh:~$ ▊

Trojan:Win64/Meterpreter.A - Windows Defender Threat Analysis