W32/Stration.D@mm
Analysis
- SchedLgU.Txt
- <random name>.wax
- <alphanumeric>.tmp
- Email format:
  - Subject: one of the following:
    - Good day
    - picture
    - Error
    - hello
    - Mail server report.
    - Status
    - test
    - hello
    - Server Report
    - Mail Transaction Failed
  - Body: starts with one of the following lines:
    - The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment
    - The message contains Unicode characters and has been sent as a binary attachment.
    - Mail transaction failed. Partial message is available.
    - Mail server report.
  - Attachments: one of the following:
    - test.msg.scr
    - body.elm.scr
    - file.dat.pif
    - body.msg.cmd
    - message.dat.exe
    - body.dat.cmd
    - docs.elm.cmd
    - Update-KB<random 4-digit number>-x86.zip
    - message.zip
    - text.msg.exe
    - docs.dat.pif
    - document.dat.exe
    - file.dat.bat
    - text.elm.scr
    - data.elm.pif
    - docs.txt.cmd
    - docs.txt.bat
    - data.txt.bat
    - test.log.bat
- Uses its own SMTP engine to send itself to the email addresses that it finds.
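The email format above can be turned into a mail-gateway triage check. The following is an added example, not Fortinet's code: it parses one raw message with the standard library and reports which Stration.D indicators (subject, body opening line, attachment name pattern) are present. The sample message is constructed here, not a real capture.

```python
import re
from email import message_from_string
# Indicators listed in the Stration.D description above.
SUBJECTS = {
    "Good day", "picture", "Error", "hello", "Mail server report.",
    "Status", "test", "Server Report", "Mail Transaction Failed",
}
BODY_PREFIXES = (
    "The message cannot be represented in 7-bit ASCII encoding",
    "The message contains Unicode characters",
    "Mail transaction failed. Partial message is available.", "Mail server report.",
)
# Double-extension executables, message.zip, or Update-KB<4 digits>-x86.zip.
ATTACHMENT_RE = re.compile(
    r"^(?:(?:test|body|file|message|docs|text|document|data)"
    r"\.(?:msg|elm|dat|txt|log)\.(?:scr|pif|cmd|exe|bat)"
    r"|message\.zip|Update-KB\d{4}-x86\.zip)$")

def stration_indicators(raw: str) -> list:
    """Return the Stration.D indicators present in one raw RFC 822 message."""
    msg = message_from_string(raw)
    hits = []
    if (msg.get("Subject") or "").strip() in SUBJECTS:
        hits.append("subject")
    for part in msg.walk():
        name = part.get_filename()
        if name:                      # attachment part: check its file name
            if ATTACHMENT_RE.match(name):
                hits.append("attachment:" + name)
        elif part.get_content_type() == "text/plain":   # body text part
            text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            if text.lstrip().startswith(BODY_PREFIXES):
                hits.append("body")
    return hits

# Constructed sample message (not a real capture) mimicking the format above.
SAMPLE = """\
Subject: Mail Transaction Failed
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Mail transaction failed. Partial message is available.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="body.msg.cmd"

AAAA
--b1--
"""
```

Running `stration_indicators(SAMPLE)` returns `["subject", "body", "attachment:body.msg.cmd"]`; a benign message returns an empty list.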
Recommended Action
FortiGate Systems
- Check the main screen of your FortiGate unit's web interface to ensure that the latest AV/NIDS database has been downloaded and installed on your system; if required, enable the "Allow Push Update" option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
Product | Availability
---|---
FortiClient | Extreme
FortiMail | Extreme
FortiSandbox | Extreme
FortiWeb | Extreme
Web Application Firewall | Extreme
FortiIsolator | Extreme
FortiDeceptor | Extreme
FortiEDR | 