W32/Fareit.A!tr

description-logoAnalysis


W32/Fareit.A!tr is a generic detection for a type of trojan that drops other malware onto the compromised computer. Since this is a generic detection, files that are detected as W32/Fareit.A!tr may have varying behavior.
Below are examples of some of these behavior:

  • W32/Fareit.A!tr creates a randomly named folder in the Temporary folder. It downloads and drops W32/Kryptik.FF!tr into a randomly named file into this newly created folder, e.g., undefinedTempundefined\Ovgoud\liuveb.exe.

  • Users that are infected by this malware may observe the system perform DNS queries on certain domain names, such as:
    • sa{Removed}ol.su

  • It disguises itself by using the Adobe PDF icon.

recommended-action-logoRecommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiGate
Extended
FortiClient
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2023-03-21 91.01630
2023-02-27 91.00976
2023-02-17 91.00670
2023-02-16 91.00655
2023-02-16 91.00640
2023-02-14 91.00562
2022-11-28 90.08250
2022-11-08 90.07650
2022-11-07 90.07624
2022-10-11 90.06793