W32/Generic.BN!tr

Analysis

W32/Generic.BN!tr is a generic detection for a type of trojan that drops other malware onto the compromised computer. Since this is a generic detection, files that are detected as W32/Generic.BN!tr may have varying behavior.
Below are examples of some of these behaviors:

  • It drops the following files:
    • %Temp%\lcice.exe : This file is detected as W32/Kryptik.OOU!tr and is nearly a direct copy of the original, except that the full file path of the original is appended to its overlay.

  • It makes the following network connections:
    • Makes an HTTP request with the user-agent "little update" to ita[REMOVED]/fpdf/2804UKm.dat.

  • If the response from ita[REMOVED]/fpdf/2804UKm.dat contains an executable file, it attempts to write it to the current directory and execute it as sedil.exe.
  • It may use the PDF icon to masquerade as a PDF file.
  • It attempts to delete the original file from the file path found in the overlay.
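Added example, not part of this entry or Fortinet's code: a triage check for the overlay behaviour described above. It locates the overlay by walking the PE section table and reports a Windows path appended to it; the path is assumed to be ASCII, and the sample PE is constructed inline rather than taken from a real dropper.

```python
import re
import struct

# Windows-style absolute path (drive letter, backslash, printable ASCII) at the very end
# of the overlay. Assumption: the appended path is ASCII; non-ASCII paths are not handled.
TRAILING_WIN_PATH = re.compile(rb"[A-Za-z]:\\[\x20-\x7e]{1,259}$")


def overlay_offset(data: bytes) -> int:
    """Return the offset at which the PE overlay starts (end of the last section's raw data)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: NumberOfSections at +6, SizeOfOptionalHeader at +20 (relative to 'PE\0\0')
    nsections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    sect_table = e_lfanew + 24 + opt_size
    end = sect_table + 40 * nsections  # headers alone if no section has raw data on disk
    for i in range(nsections):
        # section header: SizeOfRawData at +16, PointerToRawData at +20
        raw_size, raw_ptr = struct.unpack_from("<II", data, sect_table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return min(end, len(data))


def overlay_path(data: bytes):
    """Return the ASCII Windows path appended to the overlay, or None if there is none."""
    overlay = data[overlay_offset(data):].rstrip(b"\x00")
    m = TRAILING_WIN_PATH.search(overlay)
    return m.group(0).decode("ascii") if m else None


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed minimal PE32 (one .text section) used as sample input; not a real dropper."""
    e_lfanew, opt_size, raw_ptr, raw_size = 0x40, 0xE0, 0x200, 0x200
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x102)
    section = struct.pack("<8sIIIIIIHHI", b".text", raw_size, 0x1000, raw_size,
                          raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + b"\x00" * opt_size + section
    return headers.ljust(raw_ptr, b"\x00") + b"\xCC" * raw_size + overlay


if __name__ == "__main__":
    sample = build_sample_pe(b"C:\\Users\\victim\\Downloads\\invoice.pdf.exe")  # constructed path
    print("overlay starts at", hex(overlay_offset(sample)), "->", overlay_path(sample))
```

A dropped copy whose overlay ends in the path of the file that wrote it is a strong hint of this family's copy-and-delete-original behaviour; an unrelated installer overlay will not match.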

Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

Product                   Availability
FortiGate                 Extreme
FortiClient               Extended
FortiMail                 Extended
FortiSandbox              Extended
FortiWeb                  Extended
Web Application Firewall  Extended
FortiIsolator             Extended
FortiDeceptor             Extended
FortiEDR

Version Updates

Date        Version    Detail
2021-03-23  84.00920
2021-02-23  84.00249
2020-12-31  82.96600   Sig Updated
2020-12-12  82.50200   Sig Added
2020-09-22  80.56100   Sig Updated
2020-08-18  79.72000   Sig Updated
2020-07-27  79.20300   Sig Updated
2020-07-19  79.00300   Sig Updated
2020-06-09  78.04000   Sig Updated
2020-05-22  77.61200   Sig Updated