W32/Bagle.HK@mm
Analysis
Files:
- C:\Windows\System32\wintems.exe
- C:\Documents and Settings\[user]\Application Data\hidires\hidr.exe
- C:\Documents and Settings\[user]\Application Data\hidires\m_hook.sys
Registry entries:
- key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run, value: drvsyskit, data: c:\Documents and Settings\[user]\Application Data\hidires\hidr.exe
- key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run, value: german.exe, data: c:\windows\system32\wintems.exe
Recommended Action
FortiGate Systems
- Check the main screen of your FortiGate unit's web interface to ensure that the latest AV/NIDS database has been downloaded and installed on your system; if required, enable the "Allow Push Update" option.
Detection Availability

| Product | Availability |
|---|---|
| FortiGate | Extreme |
| FortiClient | Extended |
| FortiMail | Extended |
| FortiSandbox | Extended |
| FortiWeb | Extended |
| Web Application Firewall | Extended |
| FortiIsolator | Extended |
| FortiDeceptor | Extended |
| FortiEDR | |