W32/Filecoder.OBF!tr.ransom
Analysis
W32/VHD.OBF!tr.ransom is a generic detection for ransomware trojans released by the Lazarus group.
The following are some of the file hashes (exact or near-match IOCs) associated with this detection:
- 6d12547772b57a6da2b25d2188451983 - W32/VHD.1983!tr.ransom
- ccc6026acf7eadada9adaccab70ca4d6 - W32/VHD.A4D6!tr.ransom
- d0806c9d8bcea0bd47d80fa004744d7d - W32/VHD.A4D6!tr.ransom
- dd00a8610bb84b54e99ae8099db1fc20 - W32/VHD.OBF!tr.ransom
- efd4a87e7c5dcbb64b7313a13b4b1012 - W32/VHD.1012!tr.ransom
The following illustration relates to the malware as observed during our quick analysis:
[Figure 1: Ransom note.]
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
Product | Availability
---|---
FortiGate |
FortiClient |
FortiAPS |
FortiAPU |
FortiMail |
FortiSandbox |
FortiWeb |
Web Application Firewall |
FortiIsolator |
FortiDeceptor |
FortiEDR |