W32/Autorun.PNL!worm
Analysis
W32/Agent.WJM!tr.dldr is classified as a downloader trojan.
Downloader Trojans have the capability to download other malicious files or updated versions of themselves.
- key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
- value: Debugger
- data: undefinedProgram Filesundefined\Microsoft Common\wuauclt.exe
- key: HKLM\SYSTEM\CurrentControlSet\Services\{C702F274-C900-485F-A4C7-9F9DD9772A2B}\Parameters\Tcpip
- value: DhcpDefaultGateway and DhcpSubnetMaskOpt
- aas[removed].ru
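The two registry artifacts above are the kind of persistence evidence a responder would look for on a host: a `Debugger` value under `Image File Execution Options\explorer.exe` makes Windows launch the named program whenever explorer.exe starts, and the `Dhcp*` values under an interface's `Parameters\Tcpip` key control that adapter's gateway and mask. The following is an added example, not Fortinet's code: a small Python scanner that parses a `.reg` export (the sample text is constructed here to mimic the keys named on this page; the `Debugger` path, GUID-interface values and the second IFEO entry are placeholders) and reports any `Debugger` value under IFEO plus the two `Dhcp*` values on a per-interface `Tcpip` key, so the output can be compared with the indicators listed above.

```python
"""Scan a Windows .reg export for the registry indicators named in this analysis.

Added example, not part of the original page. SAMPLE_REG is constructed to
resemble `reg export` output; the data values are placeholders, not real IoCs.
"""
import re
from dataclasses import dataclass

# Constructed sample of two exported keys. The explorer.exe entry mirrors the
# indicator on this page; the notepad.exe entry is a benign-looking IFEO use
# (a real debugger) so the scanner shows both cases. hex(7) is REG_MULTI_SZ.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"="C:\\Program Files\\Microsoft Common\\wuauclt.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="C:\\Windows\\System32\\vsjitdebugger.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{C702F274-C900-485F-A4C7-9F9DD9772A2B}\Parameters\Tcpip]
"DhcpDefaultGateway"=hex(7):31,00,30,00,2e,00,30,00,2e,00,30,00,2e,00,31,00,00,00,00,00
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,30,00,00,00,00,00
"""

IFEO_PREFIX = ("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"
               "\\Image File Execution Options\\")
TCPIP_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\(\{[0-9A-F-]+\})"
    r"\\Parameters\\Tcpip$", re.IGNORECASE)
TCPIP_VALUES = {"DhcpDefaultGateway", "DhcpSubnetMaskOpt"}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


@dataclass
class Finding:
    key: str
    value: str
    data: str
    note: str


def _logical_lines(text):
    """Join .reg continuation lines (a trailing backslash after a hex byte list)."""
    cur = ""
    for raw in text.splitlines():
        cur += raw.strip()
        if cur.endswith("\\"):
            cur = cur[:-1]
            continue
        yield cur
        cur = ""
    if cur:
        yield cur


def _decode_data(rhs):
    """Turn the right-hand side of a .reg value line into a Python value."""
    if rhs.startswith('"') and rhs.endswith('"'):
        return re.sub(r"\\(.)", r"\1", rhs[1:-1])      # unescape \\ and \"
    m = re.match(r"^hex(?:\((\d+)\))?:(.*)$", rhs)
    if m:
        raw = bytes(int(b, 16) for b in m.group(2).split(",") if b)
        if m.group(1) == "7":                           # REG_MULTI_SZ, UTF-16LE
            return [s for s in raw.decode("utf-16-le").split("\0") if s]
        return raw
    return rhs                                          # dword: etc. left as text


def parse_reg(text):
    """Yield (key, value_name, data) for every value in a .reg export."""
    key = None
    for line in _logical_lines(text):
        if not line or line.startswith((";", "Windows Registry Editor")):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, re.sub(r"\\(.)", r"\1", m.group(1)), _decode_data(m.group(2))


def scan(text):
    """Return findings for IFEO Debugger values and per-interface Dhcp* values."""
    findings = []
    for key, name, data in parse_reg(text):
        shown = ", ".join(data) if isinstance(data, list) else str(data)
        if key.lower().startswith(IFEO_PREFIX.lower()) and name.lower() == "debugger":
            target = key[len(IFEO_PREFIX):]
            note = ("matches the explorer.exe IFEO indicator on this page"
                    if target.lower() == "explorer.exe"
                    else "IFEO Debugger set; confirm it is an intended debugger")
            findings.append(Finding(key, name, shown, note))
        m = TCPIP_RE.match(key)
        if m and name in TCPIP_VALUES:
            findings.append(Finding(key, name, shown,
                "interface %s: compare with the lease the DHCP client received" % m.group(1)))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_REG):
        print(f"{f.value} @ {f.key}\n    data: {f.data}\n    {f.note}")
```

On a live host, the same scanner can be pointed at the output of `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" ifeo.reg` (and the `Services` tree for the interface keys). An IFEO `Debugger` value is also set legitimately by debuggers, so the scanner reports every occurrence and lets the analyst decide; only the explorer.exe entry is flagged as matching this page's indicator.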
Recommended Action
- FortiGate Systems
  - Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.
- FortiClient Systems
  - Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
- FortiGate
- Extended
- FortiClient
- FortiMail
- FortiSandbox
- FortiWeb
- Web Application Firewall
- FortiIsolator
- FortiDeceptor
- FortiEDR