W32/Upatre.FT!tr
Analysis
- It drops a copy of itself to the user's Temporary folder as mixouted.exe.
- At the time of this analysis, it downloaded the following file:
  - http://cara{Removed}.co.uk/mandoc/us21.pdf
- Despite its .pdf name, the downloaded file is not a document but an encrypted data file. It is copied into the user's Temporary folder as log3950.tmp and is detected as Data/Upatre!tr.
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
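As an added example (not part of the Fortinet write-up), the following Python script hunts the user's Temporary folder for the two artifacts named in the analysis (mixouted.exe and log3950.tmp), records their size and SHA-256 hash, checks whether the saved download actually carries a PDF header (the analysis says it is encrypted data, so it should not), and can move matches into a quarantine folder as the recommended action describes. The function names, the quarantine layout (a `.quarantined` suffix) and the constructed sample files are assumptions for illustration only.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Filenames from the analysis: the self-copy and the saved download.
ARTIFACT_NAMES = {"mixouted.exe", "log3950.tmp"}


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large files are not loaded into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def looks_like_pdf(path: Path) -> bool:
    """True only if the file begins with the PDF magic bytes. The download named
    us21.pdf is described as encrypted data, so a real header is not expected."""
    with path.open("rb") as f:
        return f.read(5) == b"%PDF-"


def find_upatre_artifacts(temp_dir=None):
    """Return one record per file in temp_dir whose name matches an IOC.
    temp_dir defaults to the current user's temporary folder (%TEMP% on Windows)."""
    base = Path(temp_dir) if temp_dir is not None else Path(tempfile.gettempdir())
    hits = []
    for p in base.iterdir():
        if p.is_file() and p.name.lower() in ARTIFACT_NAMES:
            hits.append({
                "name": p.name,
                "path": str(p),
                "size": p.stat().st_size,
                "sha256": sha256_of(p),
                "pdf_header": looks_like_pdf(p),
            })
    return sorted(hits, key=lambda h: h["name"].lower())


def quarantine(hits, quarantine_dir):
    """Move matched files into quarantine_dir with a .quarantined suffix (an
    assumed convention) so the dropper can no longer be launched by name.
    Returns the new paths."""
    qdir = Path(quarantine_dir)
    qdir.mkdir(parents=True, exist_ok=True)
    moved = []
    for h in hits:
        dst = qdir / (h["name"] + ".quarantined")
        shutil.move(h["path"], dst)
        moved.append(str(dst))
    return moved


def make_sample_temp_dir() -> Path:
    """Constructed sample input (not real malware): a throwaway folder holding a
    fake dropper with an MZ header, a fake encrypted download, and a benign file."""
    d = Path(tempfile.mkdtemp(prefix="upatre_demo_"))
    (d / "mixouted.exe").write_bytes(b"MZ" + b"\x90" * 62 + b"demo-not-a-real-pe")
    (d / "log3950.tmp").write_bytes(bytes(range(256)) * 4)  # no %PDF- magic
    (d / "notes.txt").write_text("harmless file that must not be flagged\n")
    return d


if __name__ == "__main__":
    # Scan the real temporary folder and report, without moving anything.
    for hit in find_upatre_artifacts():
        flag = "" if hit["pdf_header"] else " (no PDF header)"
        print(f'{hit["path"]}  {hit["size"]} bytes  sha256={hit["sha256"]}{flag}')
```

Run it without arguments to report matches in the current user's Temporary folder; pass the returned records to `quarantine()` only after confirming the hashes against your AV vendor's detection, since a filename match alone is a weak indicator.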
Detection Availability
- FortiGate
- Extended
- FortiClient
- FortiMail
- FortiSandbox
- FortiWeb
- Web Application Firewall
- FortiIsolator
- FortiDeceptor
- FortiEDR