XM/Laroux.fam
Analysis
- This virus hooks the Auto_Open macro of infected files in order to automatically run its code.
- It exists in a code module named laroux.
- When executed, it verifies if it has infected the Excel environment by searching for the file Binv.xls in the XLStart folder. If the file does not exist, a new workbook is created, infected and then saved as Binv.xls in the XLStart folder.
- It sets the following workbook properties to a null value during infection:
  - Title = ""
  - Subject = ""
  - Author = ""
  - Keywords = ""
  - Comments = ""
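A host-triage sweep for the indicators listed in the analysis above, written as an added example (not vendor code): it reports any Binv.xls located directly in an XLStart folder and notes whether the string laroux occurs in the file. The string search is a heuristic that assumes the module name is stored as plain ASCII or UTF-16LE text; the directory tree in `demo()` is constructed and contains no real sample.

```python
import os
import tempfile

MARKER_DIR = "xlstart"    # folder name from the analysis
MARKER_FILE = "binv.xls"  # dropped workbook name from the analysis
MODULE_NAME = "laroux"    # code module name from the analysis


def mentions_module(path):
    """Heuristic (assumption): module name appears as ASCII or UTF-16LE text."""
    with open(path, "rb") as fh:
        data = fh.read().lower()  # bytes.lower() folds ASCII letters only
    return any(MODULE_NAME.encode(enc) in data for enc in ("ascii", "utf-16-le"))


def sweep(root):
    """Return findings for every Binv.xls that sits directly in an XLStart folder."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        if os.path.basename(folder).lower() != MARKER_DIR:
            continue
        for name in files:
            if name.lower() == MARKER_FILE:  # Windows file names are case-insensitive
                path = os.path.join(folder, name)
                findings.append({"path": path, "module_string": mentions_module(path)})
    return findings


def demo():
    """Build a constructed tree (placeholder bytes only) and sweep it."""
    with tempfile.TemporaryDirectory() as root:
        hit = os.path.join(root, "Office", "XLSTART")
        miss = os.path.join(root, "Documents")
        os.makedirs(hit)
        os.makedirs(miss)
        with open(os.path.join(hit, "BINV.XLS"), "wb") as fh:
            fh.write(b"\x00" * 64 + "LAROUX".encode("utf-16-le") + b"\x00" * 64)
        # Same file name outside XLStart: must not be reported.
        with open(os.path.join(miss, "Binv.xls"), "wb") as fh:
            fh.write(b"constructed placeholder bytes")
        return [(os.path.relpath(f["path"], root), f["module_string"])
                for f in sweep(root)]


if __name__ == "__main__":
    print(demo())
```

A hit with `module_string` set to `False` still deserves a look, since a workbook of that name in XLStart is loaded every time Excel starts.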