W32/Qbot.BK!tr
Analysis
- %LocalAppData%\Microsoft\[RandomName_1].wpl: This file is detected as JS/Obfuscated!tr
- %AppData%\Microsoft\[RandomName_1]i\[RandomName_2].dll: This is a non-malicious data file.
- %AppData%\Microsoft\[RandomName_1]i\[RandomName_1].exe: This file is detected as W32/Qbot.BK!tr
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- [RandomName_3] = "%AppData%\Microsoft\[RandomName_4]\[RandomName_1].exe"
- kohd{Removed}.com
- wv{Removed}.org
- rvc{Removed}.net
- 5.30{Removed}98
- 15.23{Removed}111
- 18.167{Removed}148
- 23.58{Removed}146
- 60.169{Removed}106
- 61.107{Removed}143
- 71.154{Removed}112
- 77.114{Removed}219
- 81.67{Removed}212
- 92.169{Removed}106
- 96.76{Removed}135
- 124.61{Removed}155
- 152.30{Removed}98
- 196.12{Removed}88
- 217.167{Removed}176
- 218.70{Removed}210
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability

| Product | Detection Availability |
|---|---|
| FortiGate | Extreme |
| FortiClient | Extended |
| FortiMail | Extended |
| FortiSandbox | Extended |
| FortiWeb | Extended |
| Web Application Firewall | Extended |
| FortiIsolator | Extended |
| FortiDeceptor | Extended |
| FortiEDR | |