W64/LockFile.9CAD!tr.ransom

Analysis

W64/LockFile.9CAD!tr.ransom is a detection for a LockFile ransomware trojan.
Below are some of its observed characteristics/behaviours:

  • This detection has been associated with 64-bit LockFile ransomware. However, during our quick tests the sample did not appear to execute properly, or it has some bugs or a malformed header.

  • The following are some of the near/exact IOCs/file hashes associated with this detection:
    • MD5: 2FB0E5510C427FB589280FB666EF9CAD
      SHA256: 1d7047ac4a903a4ac0e4587ddb361cb3d17cae2d8f5e8286151587a9b013fcdd
    • MD5: DF30D67F1EDD66174A5E760255BE934D
      SHA256: 3303a19789a73fa70a107f8e35a4ce10bb4f6a69ac041a1947481ed8ae99a11c


Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2023-11-22 91.09040
2022-06-15 90.03285
2022-05-31 90.02802
2022-05-25 90.02622
2021-09-10 89.00130
2021-09-01 88.00801
2021-08-27 88.00684
2021-08-26 88.00657