W32/LegMir!tr.pws

Analysis

W32/LegMir!tr.pws - 06-10-09


More Info:

  • Creates a copy of itself in the %WINDOWS% folder as "SVCHOST.exe".

  • Drops a file "%WINDOWS%\SVCHOST.bmp" which is used for keylogging.

  • Adds the following registry entry (for Windows NT):
    • key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    • value: Shell
    • data: Explorer.exe %WINDOWS%\SVCHOST.exe
  • Adds the following registry entry:
    • key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    • value: SVCHOST.exe
    • data: %WINDOWS%\SVCHOST.exe
  • Collects confidential information from the infected system and sends it to a hard-coded email address using its own SMTP engine.
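A defender-side check for the two persistence locations and the dropped files listed above, added here as an example and not part of the Fortinet entry. It assumes the Windows folder resolves via $env:SystemRoot and that the only legitimate Winlogon Shell value is explorer.exe.

```powershell
# Added example (not from the Fortinet entry): inspect the persistence
# locations this entry describes and flag a SVCHOST.exe that lives outside
# %SystemRoot%\System32, where the real service host resides.
function Get-LegMirPersistenceIndicators {
    [CmdletBinding()]
    param()

    $findings = @()
    $windir   = $env:SystemRoot                       # assumed to be %WINDOWS%
    $legit    = Join-Path $windir 'System32\svchost.exe'

    # 1. Winlogon Shell: the legitimate value is exactly "explorer.exe".
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
    if ($shell -and $shell.Trim() -notmatch '^explorer\.exe$') {
        $findings += [pscustomobject]@{
            Location = "$winlogon\Shell"
            Value    = $shell
            Reason   = 'Shell value carries more than explorer.exe'
        }
    }

    # 2. Run key: any value that references svchost.exe outside System32.
    $run   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $props = Get-ItemProperty -Path $run -ErrorAction SilentlyContinue
    if ($props) {
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }      # skip PSPath, PSDrive, ...
            $cmd = [string]$p.Value
            if ($cmd -match 'svchost\.exe' -and $cmd -notmatch [regex]::Escape($legit)) {
                $findings += [pscustomobject]@{
                    Location = "$run\$($p.Name)"
                    Value    = $cmd
                    Reason   = 'svchost.exe referenced from outside System32'
                }
            }
        }
    }

    # 3. Dropped artifacts named in the entry: the copy and the keylog file.
    foreach ($name in 'SVCHOST.exe', 'SVCHOST.bmp') {
        $path = Join-Path $windir $name
        if (Test-Path -LiteralPath $path) {
            $findings += [pscustomobject]@{ Location = $path; Value = 'present'; Reason = 'File in Windows folder' }
        }
    }
    return $findings
}

Get-LegMirPersistenceIndicators | Format-Table -AutoSize
```

Run it from an elevated PowerShell session; an empty table means none of the listed indicators were found on that host.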
Telemetry

Detection Availability

  • FortiGate
  • Extended
  • FortiClient
  • FortiMail
  • FortiSandbox
  • FortiWeb
  • Web Application Firewall
  • FortiIsolator
  • FortiDeceptor
  • FortiEDR

Version Updates

  Date        Version   Detail
  2023-02-21  91.00794
  2023-02-16  91.00640
  2023-02-14  91.00573
  2023-01-24  90.09944
  2023-01-08  90.09462
  2022-12-19  90.08872
  2022-09-27  90.06370
  2022-07-31  90.04645
  2022-07-05  90.03884
  2022-05-05  90.02025