Malware_fam.gw
Analysis
Malware_fam.gw is a highly generic detection for a trojan.
This detection does not classify any specific type or family of malware; it is a generic detection name assigned when, at the time the detection was released, no initial identification could be derived.
Because the detection is generic, malware detected as Malware_fam.gw may show varying behaviour.
Below are examples of some of these behaviours:
- Some of the samples belonging to this detection are banker-related trojans.
- Another noticeable characteristic is that some of the samples are distributed in SFX (self-extracting archive) form.
- Some instances are possibly spyware-related tools.
- Some instances are presented as keyloggers.
- During our tests, some of the samples attempted to connect to a certain aishu{Removed}.com
- Illustrations on the original page (images not included here): Figure 1: Keylogger; Figure 2: SFX distributed; Figure 3: UI.
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
- FortiGate
- FortiClient
- FortiAPS
- FortiAPU
- FortiMail
- FortiSandbox
- FortiWeb
- Web Application Firewall
- FortiIsolator
- FortiDeceptor
- FortiEDR