W64/LockFile.9CAD!tr.ransom
Analysis
W64/LockFile.9CAD!tr.ransom is a detection for a Lockfile ransomware trojan.
Below are some of its observed characteristics/behaviours:
- This detection has been associated with a 64-bit Lockfile ransomware sample. However, during our quick tests the sample appears not to execute properly, or has some bugs or a malformed header.
- The following are some of the near/exact IOCs/file hashes associated with this detection:
  - Md5: 2FB0E5510C427FB589280FB666EF9CAD
    Sha256: 1d7047ac4a903a4ac0e4587ddb361cb3d17cae2d8f5e8286151587a9b013fcdd
  - Md5: DF30D67F1EDD66174A5E760255BE934D
    Sha256: 3303a19789a73fa70a107f8e35a4ce10bb4f6a69ac041a1947481ed8ae99a11c
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
FortiGate | |
---|---|
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR | |