W32/AndroxGhost.HACK!tr
Analysis
W32/AndroxGhost.HACK!tr is classified as a trojan.
A trojan is a type of malware that performs activities without the user's knowledge.
Below are some of its observed characteristics/behaviours:
- This malware is related to the AndroxGhost outbreak.
- This malware is a hack tool. Attackers may leverage it to steal sensitive data, such as access keys. The compromised credentials may then be used for phishing, spamming or other malicious email campaigns.
- Following are the exact file hashes associated with this detection:
- MD5: fd7d85011fe0e05612b151e64363c04d
- SHA256: 45e051313272899973f16f5e79bf9ebe0a7f303b9dbeca13af9d65b97c59beae
Outbreak Alert
FortiGuard Labs continues to observe widespread activity of Androxgh0st malware in the wild exploiting multiple vulnerabilities, specifically targeting PHPUnit (CVE-2017-9841), the Laravel Framework (CVE-2018-15133) and Apache Web Server (CVE-2021-41773) to spread and conduct information-gathering attacks on target networks.
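The three CVEs above leave distinctive request paths in web server access logs, which is usually the first place a defender can see this activity. The detector below is an added example, not code from the FortiGuard page: it parses combined-format access log lines and flags the PHPUnit eval-stdin.php endpoint (CVE-2017-9841) and the encoded dot-segment traversal that Apache 2.4.49's path normalisation let through (CVE-2021-41773). It also flags probes for `/.env`; that rule is an assumption beyond the page, added because CVE-2018-15133 can only be exploited with the Laravel APP_KEY, which that file holds. The sample log lines are constructed and use documentation IP ranges.

```python
import re
from collections import Counter

# Apache/Nginx combined log format: ip ident user [ts] "METHOD path HTTP/x" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3})'
)
# Percent-encoded dot segments ("/.%2e/", "%2e%2e/") that CVE-2021-41773 failed to
# normalise; matched on the raw, lower-cased path so the encoding itself is the signal.
TRAVERSAL_RE = re.compile(r"(\.%2e|%2e\.|%2e%2e)/")

RULES = [
    {
        "name": "phpunit_eval_stdin",
        "cve": "CVE-2017-9841",
        "test": lambda method, path: "eval-stdin.php" in path,
    },
    {
        "name": "apache_encoded_traversal",
        "cve": "CVE-2021-41773",
        "test": lambda method, path: TRAVERSAL_RE.search(path) is not None,
    },
    {
        # Assumption not stated on this page: CVE-2018-15133 needs the Laravel APP_KEY,
        # which lives in .env, so requests for that file are treated as its precursor.
        "name": "dotenv_probe",
        "cve": "CVE-2018-15133 precursor",
        "test": lambda method, path: path.split("?", 1)[0].endswith("/.env"),
    },
]

# Constructed sample traffic (not a real capture).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jan/2024:08:15:02 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 512 "-" "python-requests/2.28.1"
203.0.113.10 - - [10/Jan/2024:08:15:03 +0000] "GET /.env HTTP/1.1" 404 196 "-" "python-requests/2.28.1"
198.51.100.7 - - [10/Jan/2024:08:16:40 +0000] "GET /cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd HTTP/1.1" 403 199 "-" "curl/7.79.1"
192.0.2.44 - - [10/Jan/2024:08:17:11 +0000] "GET /index.php HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not in combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def detect(entry):
    """Return the rules that fire for one parsed log entry."""
    path = entry["path"].lower()
    return [rule for rule in RULES if rule["test"](entry["method"], path)]


def scan(log_text):
    """Scan whole log text; each finding records the source IP, the rule and whether the
    server actually served the request (2xx), which separates hits from blocked probes."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        for rule in detect(entry):
            findings.append({
                "ip": entry["ip"],
                "ts": entry["ts"],
                "method": entry["method"],
                "path": entry["path"],
                "name": rule["name"],
                "cve": rule["cve"],
                "served": entry["status"].startswith("2"),
            })
    return findings


def hosts_by_hits(findings):
    """Count findings per source IP, to pick out scanners cycling through the CVEs."""
    return Counter(f["ip"] for f in findings)


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        state = "SERVED" if f["served"] else "blocked"
        print(f"{f['ip']} {f['cve']:<28} {f['name']:<24} {state} {f['method']} {f['path']}")
    print(hosts_by_hits(scan(SAMPLE_LOG)))
```

A 2xx on the eval-stdin.php request is the line to escalate: it means PHPUnit's development helper is reachable in production and the POST body (which access logs do not record) was executed. The 403 and 404 hits are still worth recording because the same source will typically try the next vector in the list.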
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
Products listed for this detection:
- FortiGate
- FortiClient
- FortiAPS
- FortiAPU
- FortiMail
- FortiSandbox
- FortiWeb
- Web Application Firewall
- FortiIsolator
- FortiDeceptor
- FortiEDR