Virus

Analysis

W32/Mimikatz.BXE!tr.pws is classified as a password-stealing trojan.
A password-stealing trojan searches the infected system for passwords and sends them to a remote attacker.
The Fortinet Antivirus Analyst Team is constantly updating our descriptions. Please check the FortiGuard Encyclopedia regularly for updates.

Recommended Action

Make sure that your FortiGate/FortiClient system is using the latest AV database.
Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

FortiClient
Extreme
FortiMail
Extreme
FortiSandbox
Extreme
FortiWeb
Extreme
Web Application Firewall
Extreme
FortiIsolator
Extreme
FortiDeceptor
Extreme
FortiEDR

Version Updates

Date	Version	Detail
2020-12-15	82.57100	Sig Updated
2020-12-03	82.28000	Sig Updated
2020-11-03	81.56700	Sig Updated
2020-10-27	81.39700	Sig Updated
2020-10-06	80.89700	Sig Updated
2020-09-22	80.55200	Sig Updated
2020-09-21	80.53900	Sig Updated
2020-09-01	80.04700	Sig Updated
2020-08-27	79.93400	Sig Updated
2020-08-12	79.57800	Sig Added

ID	8242986
Released	Aug 12, 2020
Description Updated	Aug 12, 2020
Platform Profile	Win32 file format / PE 32 bit
Profile Type	Trojan Password Stealing (tr.pws)

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

W32/Mimikatz.BXE!tr.pws

Analysis

Recommended Action

Telemetry

Detection Availability

Version Updates

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Virus

W32/Mimikatz.BXE!tr.pws

Analysis

Recommended Action

Telemetry

Detection Availability

Version Updates

Threat Intelligence
Center