W32/Fareit.A!tr
Analysis
W32/Fareit.A!tr is a generic detection for a type of trojan that drops other malware onto the compromised computer. Since this is a generic detection, files that are detected as W32/Fareit.A!tr may have varying behavior.
Below are examples of some of these behaviors:
- W32/Fareit.A!tr creates a randomly named folder in the Temporary folder. It downloads and drops W32/Kryptik.FF!tr into a randomly named file in this newly created folder, e.g., %Temp%\Ovgoud\liuveb.exe.
- Users that are infected by this malware may observe the system perform DNS queries on certain domain names, such as:
- sa{Removed}ol.su
- It disguises itself by using the Adobe PDF icon.
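The drop pattern described above (an executable written into a freshly created, randomly named subfolder of the user's Temp folder, optionally with a document-looking name to go with the borrowed PDF icon) can be turned into a simple file-path heuristic for hunting in endpoint telemetry. The following is an added example written for this page, not Fortinet's detection logic; the file paths, the allowlist of known Temp subfolders and the randomness heuristic are all constructed assumptions for illustration.

```python
import re

# Constructed sample of file-creation paths, modelled on the behaviour in the
# analysis above. Only the first path reuses the example from the page; the
# others are invented to show what the heuristic should and should not flag.
SAMPLE_EVENTS = [
    r"C:\Users\alice\AppData\Local\Temp\Ovgoud\liuveb.exe",      # matches the page's example
    r"C:\Users\alice\AppData\Local\Temp\7za.exe",                # directly in Temp, no subfolder
    r"C:\Users\alice\AppData\Local\Temp\msiexec\setup.log",      # not an executable
    r"C:\Program Files\Adobe\Reader\AcroRd32.exe",               # not under Temp at all
    r"C:\Users\alice\AppData\Local\Temp\Xqzpwl\report.pdf.exe",  # random folder + double extension
]

# Constructed allowlist: Temp subfolders that legitimate installers commonly
# create and that would otherwise trip the "alphabetic short name" check.
KNOWN_TEMP_FOLDERS = {"msiexec", "chocolatey", "pip", "npm", "vscode"}

# Match <per-user Temp>\<exactly one subfolder>\<executable>.
TEMP_DROP_RE = re.compile(r"""
    ^(?P<temp>.*\\AppData\\Local\\Temp)\\   # per-user Temp folder (%Temp%)
    (?P<folder>[^\\]+)\\                    # exactly one subfolder ...
    (?P<file>[^\\]+\.(?:exe|dll|scr))$      # ... containing an executable
""", re.IGNORECASE | re.VERBOSE)


def looks_random(name):
    """Heuristic for generated folder names: short, purely alphabetic, and not a
    known installer folder. Deliberately simple; tune the allowlist for your fleet."""
    return name.isalpha() and 4 <= len(name) <= 12 and name.lower() not in KNOWN_TEMP_FOLDERS


def flag_temp_drops(paths):
    """Return [(path, [reasons])] for paths that fit the Temp-drop pattern."""
    findings = []
    for path in paths:
        m = TEMP_DROP_RE.match(path)
        if not m:
            continue
        folder, fname = m.group("folder"), m.group("file")
        reasons = []
        if looks_random(folder):
            reasons.append("executable in randomly named %Temp% subfolder")
        if fname.count(".") > 1:
            # e.g. report.pdf.exe: a document-looking name paired with a real executable extension
            reasons.append("double extension (document-looking name)")
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in flag_temp_drops(SAMPLE_EVENTS):
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against real file-creation events (for example the image or target-filename field of an EDR or Sysmon event), the function flags the two constructed malicious paths and ignores the legitimate ones. The randomness test is intentionally crude; in practice it should be combined with process lineage (which process created the file) and the DNS indicators from the analysis rather than used alone.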
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
Product | Available
---|---
FortiGate |
Extended |
FortiClient |
FortiMail |
FortiSandbox |
FortiWeb |
Web Application Firewall |
FortiIsolator |
FortiDeceptor |
FortiEDR |