WinCE/Brador.A!tr
Analysis
Specifics
This Trojan is a proof-of-concept for Windows CE handheld
devices. It is 5,632 bytes in size and was written in
assembly language for ARM processors.
The Trojan contains instructions to send a short note in this format:
From: br@mail.ru
To: brokensword@ukr.net
The note serves as a notification that the handheld device
is compromised, and it includes the IP address of the
handheld device.
The Trojan binds to TCP port 2989 and awaits instructions
from a malicious user.
Loading at Windows Startup
When the Trojan is run on a Windows CE handheld device,
it may copy itself to the folder 'c:\windows\startup\'.
Any file placed in this folder is run automatically.
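The three behaviours described above (the listener on TCP port 2989, the notification mail, and the copy in the startup folder) can be correlated per device during log triage. The following Python is an added example, not part of the original write-up; the key=value log format, field names, IP addresses and file name are constructed for illustration.

```python
# Indicators stated in the description above.
BACKDOOR_PORT = "2989"                      # TCP port the Trojan binds to
MAIL_FROM, MAIL_TO = "br@mail.ru", "brokensword@ukr.net"
STARTUP_DIR = "\\windows\\startup\\"        # compared case-insensitively

# Constructed sample records in a hypothetical key=value log format.
SAMPLE_LOG = r"""
type=conn src=198.51.100.7 dst=10.0.0.23 dport=2989 proto=tcp
type=conn src=10.0.0.40 dst=203.0.113.9 dport=443 proto=tcp
type=smtp src=10.0.0.23 mail_from=br@mail.ru rcpt_to=brokensword@ukr.net
type=file host=10.0.0.23 action=create path=C:\Windows\StartUp\sample.exe
type=conn src=10.0.0.23 dst=10.0.0.5 dport=2989 proto=udp
"""

def parse(line):
    """Split one 'k=v k=v' record into a dict (values contain no spaces)."""
    return dict(field.split("=", 1) for field in line.split())

def match(rec):
    """Return the name of the indicator a record matches, or None."""
    kind = rec.get("type")
    if kind == "conn" and rec.get("proto") == "tcp" and rec.get("dport") == BACKDOOR_PORT:
        return "tcp-2989-connection"
    if (kind == "smtp" and rec.get("mail_from", "").lower() == MAIL_FROM
            and rec.get("rcpt_to", "").lower() == MAIL_TO):
        return "notification-mail"
    if kind == "file" and STARTUP_DIR in rec.get("path", "").lower():
        return "startup-folder-write"
    return None

def triage(log_text):
    """Map each device to the set of distinct indicators seen for it."""
    hits = {}
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse(line)
        name = match(rec)
        if name is None:
            continue
        # For a connection, the listening (destination) side is the suspect device.
        device = rec["dst"] if name == "tcp-2989-connection" else rec.get("src") or rec.get("host")
        hits.setdefault(device, set()).add(name)
    return hits

def high_confidence(hits, minimum=2):
    """Port 2989 alone is a weak signal; require several distinct indicators."""
    return sorted(dev for dev, names in hits.items() if len(names) >= minimum)

if __name__ == "__main__":
    print(high_confidence(triage(SAMPLE_LOG)))
```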
Recommended Action
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.
Detection Availability
Product | Availability
---|---
FortiClient | Extreme
FortiMail | Extreme
FortiSandbox | Extreme
FortiWeb | Extreme
Web Application Firewall | Extreme
FortiIsolator | Extreme
FortiDeceptor | Extreme
FortiEDR |