MSIL/AndroxGhost.HACK!tr
Analysis
MSIL/AndroxGhost.HACK!tr is classified as a trojan.
A trojan is a type of malware that performs activities without the user’s knowledge.
Below are some of its observed characteristics/behaviours:
- This malware is related to the AndroxGhost outbreak.
- This malware is a hack tool. Attackers may leverage this tool to steal sensitive data, such as access keys. The compromised credentials may then be used in malicious ways such as phishing, spamming, or malicious email campaigns.
- The following are some of the exact file hashes associated with this detection:
- Md5: 04d665daefd085054664799a799410ac
Sha256: 319e572856a098f7beb8a07a4955e2ba823e24e31b84dfdd714bfcd5acf47a28
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
Product | Availability |
---|---|
FortiGate | Extended |
FortiClient | Extreme |
FortiAPS | |
FortiAPU | |
FortiMail | Extreme |
FortiSandbox | Extreme |
FortiWeb | Extreme |
Web Application Firewall | Extreme |
FortiIsolator | Extreme |
FortiDeceptor | Extreme |
FortiEDR | |