W32/Agent.NAB!tr

Analysis

  • Copies itself to:
    • %SYSTEM%\adirss.exe
  • Adds the following registry entry so that it runs at logon:
    • key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    • value: sysinter
    • data: %SYSTEM%\adirss.exe
  • Calls the following command to add itself as an allowed program in the Windows firewall:
    • netsh firewall set allowedprogram "%SYSTEM%\adirss.exe" enable
  • Creates an SMTP server and listens on localhost port 25.
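The three host-side indicators above (the Run value, the netsh firewall exception and the localhost SMTP listener) can be checked together from collected artifacts. The following is an added example, not part of the Fortinet write-up: the registry export, command-line log and listener table are constructed sample data, and the expansion of %SYSTEM% to C:\Windows\System32 is an assumption.

```python
import re

# Indicators from the analysis. SYSTEM_DIR is an assumed expansion of the
# %SYSTEM% placeholder used in the write-up.
SYSTEM_DIR = r"C:\Windows\System32"
RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE = "sysinter"
DROPPED_NAME = r"\adirss.exe"

# Constructed sample data standing in for a Run-key export, a process
# command-line log and a netstat-style listener table.
SAMPLE_RUN_KEY = {
    "SecurityHealth": SYSTEM_DIR + r"\SecurityHealthSystray.exe",
    "sysinter": SYSTEM_DIR + r"\adirss.exe",
}
SAMPLE_CMDLINES = [
    'netsh firewall set allowedprogram "C:\\Windows\\System32\\adirss.exe" enable',
    "svchost.exe -k netsvcs",
]
SAMPLE_LISTENERS = [
    ("127.0.0.1", 25, SYSTEM_DIR + r"\adirss.exe"),
    ("0.0.0.0", 445, SYSTEM_DIR + r"\svchost.exe"),
]

# Matches the legacy "netsh firewall set allowedprogram <path> enable" form,
# with or without quotes around the path.
NETSH_RE = re.compile(
    r'netsh\s+firewall\s+set\s+allowedprogram\s+"?(?P<path>[^"]+?)"?\s+enable',
    re.IGNORECASE,
)

def find_indicators(run_key, cmdlines, listeners):
    """Return (indicator, evidence) pairs for each behaviour in the analysis."""
    hits = []
    # 1. Persistence: Run value 'sysinter' or any Run entry pointing at adirss.exe
    for name, data in run_key.items():
        if name.lower() == RUN_VALUE or data.lower().endswith(DROPPED_NAME):
            hits.append(("run_key", f"{RUN_KEY}\\{name} = {data}"))
    # 2. Firewall exception added for the dropped binary via netsh
    for line in cmdlines:
        m = NETSH_RE.search(line)
        if m and m.group("path").lower().endswith(DROPPED_NAME):
            hits.append(("firewall_exception", m.group("path")))
    # 3. SMTP listener on port 25 owned by the dropped binary
    for addr, port, image in listeners:
        if port == 25 and image.lower().endswith(DROPPED_NAME):
            hits.append(("smtp_listener", f"{addr}:{port} {image}"))
    return hits
```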
Recommended Action

FortiGate Systems
    • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

Telemetry

Detection Availability: FortiClient, FortiMail, FortiSandbox, FortiWeb, Web Application Firewall, FortiIsolator, FortiDeceptor, FortiEDR