W32/Systrim.A
Analysis
- Trojan is 32 bit with a size of 36,864 bytes
- When Trojan is executed, it runs memory resident and creates a Mutex called “systrimit”
- Trojan may then copy itself to the Windows\System32 folder as “Systrimit.exe” and modify the registry to run at Windows startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
systrimit = C:\Windows\System32\Systrimit.exe
- The purpose of the Trojan is to gather TCP network information and save it into a log file, possibly in the root of the C drive as “logfile.txt”
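The indicators listed above turned into a host triage check. This is an added example, not part of Fortinet's write-up; it assumes a Windows host with PowerShell, that the mutex was created without a namespace prefix (so it is session-local and the check must run in the same session), and the placeholder script name is arbitrary.

```powershell
# Triage a Windows host for the W32/Systrim.A indicators described in the analysis.
# Added example; names, paths and the 36,864-byte size come from the write-up above.
$findings = @()

# 1. Run-key persistence: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\systrimit
$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValue = Get-ItemProperty -Path $runKey -Name 'systrimit' -ErrorAction SilentlyContinue
if ($runValue) {
    $findings += "Run value 'systrimit' present: $($runValue.systrimit)"
}

# 2. Dropped copy in System32; compare size against the 36,864 bytes from the analysis
$dropPath = Join-Path $env:SystemRoot 'System32\Systrimit.exe'
if (Test-Path -LiteralPath $dropPath) {
    $item = Get-Item -LiteralPath $dropPath
    $hash = (Get-FileHash -LiteralPath $dropPath -Algorithm SHA256).Hash
    $sizeNote = if ($item.Length -eq 36864) { 'size matches' } else { "size $($item.Length) differs" }
    $findings += "File $dropPath present ($sizeNote, SHA256 $hash)"
}

# 3. Mutex "systrimit": OpenExisting throws WaitHandleCannotBeOpenedException when absent,
#    and a different exception (typically access denied) when it exists but cannot be opened.
try {
    $m = [System.Threading.Mutex]::OpenExisting('systrimit')
    $m.Dispose()
    $findings += "Mutex 'systrimit' exists (trojan likely resident in this session)"
} catch [System.Threading.WaitHandleCannotBeOpenedException] {
    # mutex not present: nothing to report
} catch {
    $findings += "Mutex 'systrimit' exists but could not be opened: $($_.Exception.Message)"
}

# 4. Possible output log in the root of C: (the analysis says "possibly")
$logPath = 'C:\logfile.txt'
if (Test-Path -LiteralPath $logPath) {
    $findings += "Possible log file $logPath present"
}

# 5. A running process using the dropped file name
Get-Process -Name 'Systrimit' -ErrorAction SilentlyContinue | ForEach-Object {
    $findings += "Process Systrimit.exe running (PID $($_.Id), path $($_.Path))"
}

if ($findings.Count -eq 0) { 'No W32/Systrim.A indicators found' } else { $findings }
```

Run it in an elevated session on the host under review; a file-size mismatch or an absent mutex does not clear the host, since a variant may differ from the sample described here.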
Detection Availability
Product | Availability
---|---
FortiGate | Extreme
FortiClient | Extended
FortiMail | Extended
FortiSandbox | Extended
FortiWeb | Extended
Web Application Firewall | Extended
FortiIsolator | Extended
FortiDeceptor | Extended
FortiEDR |