W32/Agent.VG!tr
Analysis
W32/Agent.VG-tr - 05-12-07
Files:
- Copies itself to: + %SystemRoot%/%WinDir%
- Drop files: + ".exe"
Installation to System:
- Drops the following files:
Attempts to drop or download a file named lsasrv.exe in the system directory
- And creates these registry entries:
HKLM\Software\Microsoft\CurrentVersion\Run lsass=%Systemdir%lsasrv.exe
More Info:
After execution, the malware pops up a Notepad window containing some unreadable text.
Detection Availability
FortiGate | |
---|---|
Extended | |
FortiClient | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR |