W32/GenKryptik.AVXR!tr
Analysis
W32/GenKryptik.AVXR!tr is a generic detection for a trojan. Because the detection is generic, malware detected as W32/GenKryptik.AVXR!tr may vary in behaviour.
Below are examples of some of these behaviours:
- This malware may drop any of the following file(s):
  - %AppData%\[Random]\[Random].exe : This file is detected as W32/GenKryptik.AVXR!tr.
  - %AppData%\[Random]\[Random].lck : This is a data file.
  - %AppData%\lesrss.dat : This file is a text file.
  - %AppData%\pid.txt : This file is a text file.
  - %AppData%\pidloc.txt : This file is a text file.
  - %AppData%\remcos\remcos.exe : This file is a copy of the original malware itself.
  - %AppData%\subfolder\filename.exe : This file is detected as W32/GenKryptik.AVXR!tr.
  - %AppData%\subfolder\rfgfcwsxf.exe : This file is detected as W32/GenKryptik.AVXR!tr.
  - %StartUp%\filename.vbe : This file is a text file.
  - %StartUp%\rfgfcwsxf.vbe : This file is a text file.
  - %Temp%\install.vbs : This is a small VBS script intended to run remcos.exe.
- This malware may connect to any of the following remote site(s):
  - bizlen{Removed}.usa.cc
  - lokpanel{Removed}.info
- This malware may apply any of the following registry modification(s):
  - HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run
    - Remcos = %AppData%\remcos\remcos.exe
  - HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run
- Some instances of this malware may have code injection capabilities.
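The persistence artifacts listed above (the HKCU Run value, the fixed-name files under %AppData% and %Temp%, and the .vbe launchers in the Startup folder) can be audited on a single Windows host with a short script. The following PowerShell is an added example written for this page, not Fortinet's own tooling; the indicator names and paths are taken from the list above, while the variable and function names are this example's own. It only reports findings and hashes; it does not delete anything, so an analyst can triage before following the recommended actions.

```powershell
# Added example: audit one Windows host for the W32/GenKryptik.AVXR!tr (Remcos)
# persistence indicators named on this page. Read-only; prints findings only.
function Find-RemcosIndicators {
    $findings = @()
    $appData  = $env:APPDATA
    $temp     = $env:TEMP
    $startup  = [Environment]::GetFolderPath('Startup')

    # 1. HKCU Run value "Remcos" (or any value pointing at \remcos\remcos.exe).
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run) {
        $psNoise = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'
        foreach ($p in $run.PSObject.Properties) {
            if ($psNoise -contains $p.Name) { continue }
            if ($p.Name -eq 'Remcos' -or "$($p.Value)" -like '*\remcos\remcos.exe*') {
                $findings += [pscustomobject]@{
                    Type  = 'RunKeyValue'
                    Where = "$runKey\$($p.Name)"
                    Value = $p.Value
                }
            }
        }
    }

    # 2. Dropped files with fixed names (the [Random] paths cannot be enumerated this way).
    $fixedFiles = @(
        (Join-Path $appData 'remcos\remcos.exe'),
        (Join-Path $appData 'lesrss.dat'),
        (Join-Path $appData 'pid.txt'),
        (Join-Path $appData 'pidloc.txt'),
        (Join-Path $appData 'subfolder\filename.exe'),
        (Join-Path $appData 'subfolder\rfgfcwsxf.exe'),
        (Join-Path $temp    'install.vbs')
    )
    foreach ($f in $fixedFiles) {
        if (Test-Path -LiteralPath $f) {
            $hash = (Get-FileHash -Algorithm SHA256 -LiteralPath $f).Hash
            $findings += [pscustomobject]@{ Type = 'DroppedFile'; Where = $f; Value = "SHA256=$hash" }
        }
    }

    # 3. Encoded VBScript launchers in the Startup folder. The page names
    #    filename.vbe and rfgfcwsxf.vbe; any other .vbe here is a weaker signal
    #    but is still worth a look, so it is reported with a distinct type.
    $named = 'filename.vbe','rfgfcwsxf.vbe'
    Get-ChildItem -Path $startup -Filter '*.vbe' -File -ErrorAction SilentlyContinue | ForEach-Object {
        $type = if ($named -contains $_.Name) { 'StartupVbe' } else { 'StartupVbeOther' }
        $findings += [pscustomobject]@{ Type = $type; Where = $_.FullName; Value = "Size=$($_.Length)" }
    }

    return $findings
}

$results = Find-RemcosIndicators
if (-not $results -or $results.Count -eq 0) {
    Write-Output 'No persistence indicators from this signature page were found.'
} else {
    $results | Format-Table -AutoSize
}
```

Run it in the context of the user whose profile is suspected, since %AppData%, %Temp%, the Startup folder and HKCU all resolve per user; a host with several accounts needs one pass per account. The [Random]\[Random].exe and .lck paths are not covered because their names are not fixed; a match on the Run value or the Startup .vbe is the stronger signal, and those directories can then be inspected by hand.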
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
Product | Availability |
---|---|
FortiClient | Extreme |
FortiMail | Extreme |
FortiSandbox | Extreme |
FortiWeb | Extreme |
Web Application Firewall | Extreme |
FortiIsolator | Extreme |
FortiDeceptor | Extreme |
FortiEDR | |
Version Updates
Date | Version | Detail |
---|---|---|
2020-03-04 | 75.71900 | Sig Updated |