W32/Banker.ANV!tr.spy
Analysis
W32/Banker.ANV!tr.spy - 06-05-24
General Info:
This threat is a "PE" executable file, with file size 519680
Files:
- Copies itself to: %SystemRoot%/%WinDir%
Installation to System:
- When run, it copies itself to:
%System%\lsass32.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\lsass32.exe
- And creates these registry entries:
HKEY_CURRENT_USER\Software\Microsoft\MS SETUP (ACME)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
lsass32 = "%System%\lsass32.exe"