W32/Kryptik.EFAD!tr
Analysis
- %AppData%\[RandomFilename_1].exe: This file is detected as W32/Kryptik.EFAD!tr.
- %UserProfile%\Local Settings\Application Data\Microsoft\Windows\[RandomFilename_2].exe: This file is detected as W32/Androm.ECGZ!tr.bdr.
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  - [RandomKey] = "%UserProfile%\Local Settings\Application Data\Microsoft\Windows\[RandomFilename_2].exe"
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
Product | Availability |
---|---|
FortiGate | |
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR | |
Version Updates
Date | Version | Detail |
---|---|---|
2022-08-25 | 90.05404 | |