ASP/Chopper.A!tr
Analysis
ASP/Chopper.A!tr is a generic detection for a trojan.
This malware has been associated with the following Hafnium article/advisory:
- https://fndn.fortinet.net/FortiGuard-Alert-Outbreaks/Hafnium-Fabric-View/
- MD5: 5544ba9ad1b56101b5d52b5270421d4a
  SHA256: 511df0e2df9bfa5521b588cc4bb5f8c5a321801b803394ebc493db1ef3c78fa1
- MD5: f8c6d90f1249c0b26f110dae3fe0fae6
  SHA256: 883b886be927b4ea92892674641db5654f4b08b916b2ce97ee82ad2757d1e592
- The malware is a small piece of code that calls eval on the Request.Form value "error", passing the parameter string "unSAfE".
This possibly indicates that the compromised host has some third-party security product currently installed.
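One way to hunt for the pattern described above in server-side script files, added here as an example and not FortiGuard's detection logic. The regex, function names, file extensions and sample strings are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# eval(<Request accessor>["field"], "unsafe"): the shape this page describes.
# Case-insensitive so mixed-case spellings such as "unSAfE" still match.
EVAL_REQUEST = re.compile(
    r"""eval\s*\(\s*Request(?:\.(?:Form|Item|QueryString|Params))?\s*
        [\[(]\s*["'](?P<field>[^"']{1,64})["']\s*[\])]\s*
        (?:,\s*["'](?P<mode>unsafe)["']\s*)?\)""",
    re.IGNORECASE | re.VERBOSE,
)
# Assumed set of script extensions worth scanning on an IIS web root.
SCRIPT_EXTENSIONS = {".asp", ".aspx", ".ashx", ".asmx"}


def scan_text(text):
    """Return one finding per eval-of-request-input call found in text."""
    findings = []
    for match in EVAL_REQUEST.finditer(text):
        findings.append({
            "line": text.count("\n", 0, match.start()) + 1,
            "field": match.group("field"),
            "unsafe_mode": match.group("mode") is not None,
        })
    return findings


def scan_webroot(root):
    """Scan server-side script files under root; returns {path: findings}."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in SCRIPT_EXTENSIONS:
            found = scan_text(path.read_text(errors="replace"))
            if found:
                hits[str(path)] = found
    return hits


# Constructed sample content (not taken from the detected files).
SAMPLE_SUSPICIOUS = 'var a = 1;\neval(Request.Form["error"], "unSAfE");\n'
SAMPLE_BENIGN = 'var msg = Request.Form["error"];\nResponse.Write(msg);\n'

if __name__ == "__main__":
    print(scan_text(SAMPLE_SUSPICIOUS))
    print(scan_text(SAMPLE_BENIGN))
```

A hit is a lead for review, not a verdict: confirm against the file's change history and the hashes listed above before quarantining.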
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
FortiGate | |
---|---|
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR | |