Concrete signature match: TrojanDropper for 32-bit Windows platform, family Muldrop
TrojanDropper:Win32/Muldrop.V!MTB is a Trojan dropper (severity rated Critical in the signature metadata) whose job is to write additional malware to disk and execute it on 32-bit Windows systems. The detection shown here is a concrete PE string signature (SIGNATURE_TYPE_PEHSTR): it fires on a file smaller than 20 MB that contains both of the UTF-16LE byte patterns below, one of which is a `cmd /c rename "` command-line fragment, consistent with the dropper invoking `cmd.exe` to rename files while staging its payload.
No plain-text indicator strings are listed for this threat; the signature matches only on the two hex-encoded (UTF-16LE) byte patterns in its strings section.
rule TrojanDropper_Win32_Muldrop_V_2147741519_0
{
    meta:
        author = "threatcheck.sh"
        detection_name = "TrojanDropper:Win32/Muldrop.V!MTB"
        threat_id = "2147741519"
        type = "TrojanDropper"
        platform = "Win32: Windows 32-bit platform"
        family = "Muldrop"
        severity = "Critical"
        info = "MTB: Microsoft Threat Behavior"
        signature_type = "SIGNATURE_TYPE_PEHSTR"
        threshold = "4"
        strings_accuracy = "High"
    strings:
        $x_2_1 = {5c 00 55 00 c5 00 69 00 c9 00 6f 00 72 00 cf 00 d1 00} //weight: 2, accuracy: High
        $x_2_2 = {63 00 6d 00 64 00 20 00 2f 00 63 00 20 00 72 00 f9 00 6e 00 61 00 6d 00 65 00 20 00 22 00} //weight: 2, accuracy: High
    condition:
        (filesize < 20MB) and
        (all of ($x*))
}

7d6cc5ed01295e65a1cd94a35534b7c7b83786e5b4b5436d0804010bb6568c53

Isolate the affected host immediately, run a full scan with up-to-date antivirus signatures and remove every detected file. Hunt for persistence mechanisms and for the payload the dropper installed (removing the dropper alone is not enough), identify the likely initial access vector, and then apply all outstanding operating system and application patches.