W32/Fareit.L!tr.pws

description-logoAnalysis


W32/Fareit.L!tr.pws is a generic detection for a trojan. Since this is a generic detection, malware that are detected as W32/Fareit.L!tr.pws may have varying behavior.
Below are examples of some of these behaviors:

  • It drops a copy of itself as undefinedAppDataundefined\[RandomName_1]\[RandomName_2].exe.

  • It deletes the original malware file upon execution.

  • The malware connects to the remote server guu{Removed}.blackfriday.

recommended-action-logoRecommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiGate
Extended
FortiClient
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2024-02-19 92.01722
2024-02-06 92.01334
2024-02-02 92.01210
2024-02-01 92.01191
2024-01-22 92.00882
2024-01-01 92.00252
2023-12-27 92.00101
2023-12-20 91.09891
2023-12-09 91.09573
2023-11-20 91.08981