W32/CS_AA21_201A!tr

Analysis

W32/CS_AA21_201A!tr is a detection for a trojan.
Below are some of its observed characteristics/behaviours:

  • This malware has been associated with the following third-party article/advisory:
    https://us-cert.cisa.gov/ncas/alerts/aa21-201a
    
    The correlation was established through a near or exact database match on one of the samples, IOCs, or file hashes listed in that resource.

  • The following are some of the near/exact IOCs/file hashes associated with this detection:
    • Md5: 05476307F4BEB3C0D9099270C504F055
      Sha256: 4061d512d2b12c883d5ec03aa968af031daba7ad93d01840bc342738a3e28130
    • Md5: 17199DDAC616938F383A0339F416C890
      Sha256: 40d45fb455cf2db58dda6a57d437e626d5d7d86d4598d4afccab0ac7ff6d6b3e


Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2023-11-29 91.09265
2023-11-20 91.08976
2021-12-03 89.07433
2021-12-03 89.07432