SymbOS/Skulls.E
Analysis
Install Mariya?
- C:\System\Apps\Appctrl\Appctrl.aif
- C:\System\Apps\Appctrl\Appctrl.app
- C:\System\Apps\BtUi\BtUi.aif
- C:\System\Apps\BtUi\BtUi.app
- C:\System\Apps\efileman\efileman.aif
- C:\System\Apps\efileman\efileman.app
- C:\System\Apps\FExplorer\FExplorer.aif
- C:\System\Apps\FExplorer\FExplorer.app
- C:\System\Apps\File\File.aif
- C:\System\Apps\File\File.app
- C:\System\Apps\FileManager\FileManager.aif
- C:\System\Apps\FileManager\FileManager.app
- C:\System\Apps\FileView\FileView.aif
- C:\System\Apps\FileView\FileView.app
- C:\System\Apps\MediaGallery\MediaGallery.aif
- C:\System\Apps\MediaGallery\MediaGallery.app
- C:\System\Apps\mmcapp\mmcapp.aif
- C:\System\Apps\mmcapp\mmcapp.app
- C:\System\Apps\Phone\Phone.aif
- C:\System\Apps\Phone\Phone.app
- C:\System\Apps\Phonebook\Phonebook.aif
- C:\System\Apps\Phonebook\Phonebook.app
- C:\System\Apps\ProfileApp\ProfileApp.aif
- C:\System\Apps\ProfileApp\profileapp.app
- C:\System\Apps\SmartFileMan\SmartFileMan.aif
- C:\System\Apps\SmartFileMan\SmartFileMan.app
- C:\System\Apps\Startup\Startup.aif
- C:\System\Apps\Startup\Startup.app
- C:\System\Apps\SystemExplorer\SystemExplorer.aif
- C:\System\Apps\SystemExplorer\SystemExplorer.app
- C:\System\Apps\ThNdRbRd\ThNdRbRd.aif
- C:\System\Apps\ThNdRbRd\ThNdRbRd.app
- C:\System\Apps\Voicerecorder\Voicerecorder.aif
- C:\System\Apps\Voicerecorder\Voicerecorder.app
- C:\System\Apps\Mariya\Mariya.APP (Fortinet detects it as SymbOS/Cabir.A!worm)
- C:\System\Apps\Mariya\Mariya.RSC
- C:\System\Apps\Mariya\Naw.MDL (Fortinet detects it as SymbOS/Cabir_ezboot.V)
- C:\System\data\Backgroundimage.mbm
- C:\System\Nawrasxsecuredata\NawraSSECURITYMANAGER\Mariya.SIS (Fortinet detects it as SymbOS/Cabir.D!worm)
- C:\System\Nawrasxsecuredata\NawraSSECURITYMANAGER\Mariya.APP (Fortinet detects it as SymbOS/Cabir.A!worm)
- C:\System\Nawrasxsecuredata\NawraSSECURITYMANAGER\Mariya.RSC
- C:\System\Recogs\Naw.MDL
Recommended Action
- Delete all modules and binary files associated with this threat. Replace affected applications with backup copies.