W32/Agent.BL!tr
Analysis
W32/Agent.BL!tr - 06-04-04
Files:
- Copies itself to: %SystemRoot%/%WinDir%
- Drop files: data
Installation to System:
- When run, it copies itself to:
  %System Folder%
- And creates these registry entries:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\INTEL Version = "3.4.1"
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run Service = "shell32.exe"
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit = "%System Folder%\userinit.exe,kernel32.exe"