W32/Brontok.N@mm

Analysis

W32/Brontok.N@mm - 06-10-06


More Info:

  • It drops the following files:
    • Baca Bro !!!.txt
    • c.bron.tok.txt
    • csrss.exe
    • lsass.exe
    • services.exe
    • smss.exe
    • winlogon.exe
    • yesbron.com
  • It adds the following registry entry:
    • key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    • value: [dropped file]
    • data: [location/path of dropped file]
  • It adds the following registry entry:
    • key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • value: [dropped file]
    • data: [location/path of dropped file]
  • It modifies the following registry entry:
    • key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
    • value: AlternateShell
    • data: [name of the dropped .com file]

    Detection Availability

    FortiGate
    FortiClient
    FortiAPS
    FortiAPU
    FortiMail
    FortiSandbox
    FortiWeb
    Web Application Firewall
    FortiIsolator
    FortiDeceptor
    FortiEDR

    Version Updates

    Date        Version   Detail
    2021-11-09  89.06714
    2021-08-24  88.00613
    2021-05-25  86.00433
    2021-03-12  84.00661
    2020-05-12  77.37200  Sig Updated
    2020-03-01  75.63800  Sig Updated
    2020-03-01  75.63600  Sig Updated
    2019-10-15  72.34800  Sig Updated
    2019-09-04  71.36500  Sig Updated
    2019-05-03  68.25100  Sig Updated