Concrete signature match: Trojan Downloader - downloads additional malware for the 32-bit Windows platform, family Fragtor
This threat is a trojan downloader from the Fragtor family, detected via machine learning behavioral analysis. It exhibits malware-like characteristics such as DLL injection, anti-debugging, and Autorun capabilities, with the primary goal of downloading and executing additional malicious payloads onto the compromised system.
Relevant strings associated with this threat:
- ware (PEHSTR_EXT)
- AutoRun (PEHSTR_EXT)
- CPU_Identification (PEHSTR_EXT)
- DLL_Injection (PEHSTR_EXT)
- Debugger_Identification (PEHSTR_EXT)
- Decode_Base64 (PEHSTR_EXT)
- Load_From_File (PEHSTR_EXT)
- _Debugger_Identification (PEHSTR_EXT)
- _CPU_Identification (PEHSTR_EXT)
- _DLL_Injection (PEHSTR_EXT)
- _Load_From_File (PEHSTR_EXT)
- _Decode_Base64 (PEHSTR_EXT)
- aseguifaehgigh (PEHSTR_EXT)
- viaegjaewg_aeifgaje (PEHSTR_EXT)
- aowfawjfs_jvgjgfjgw (PEHSTR_EXT)
- fkawofgjwgjs (PEHSTR_EXT)
- xcvjhieasgega (PEHSTR_EXT)
- sdgioeasgjh_ajwsdfjsad_dws (PEHSTR_EXT)
- NoisgisjhghAsrguier (PEHSTR_EXT)
- Ojasguiseiguhshg (PEHSTR_EXT)
- OsghusghuuhAiusghseurg (PEHSTR_EXT)
- Kisajgfoisjgjsaf (PEHSTR_EXT)
- ToiagsfoisadoiAoisgji (PEHSTR_EXT)
- Vsgioesajgisauehg (PEHSTR_EXT)
- JisahgfiuseahAsghuihse (PEHSTR_EXT)
- MoasgfiueahAsriguhrsuh (PEHSTR_EXT)
- Roasuehgfaui3D (PEHSTR_EXT)
- formplat (PEHSTR_EXT)
- .dll (PEHSTR_EXT)
- Adva (PEHSTR_EXT)
- VerQueryValueW (PEHSTR_EXT)
- |#d1e49aac-8f56-4280-b9ba-993a6d77406c (NID)
- }#d1e49aac-8f56-4280-b9ba-993a6d77406c (NID)
- &|#b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 (NID)
- &}#b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 (NID)
- y*|#56a863a9-875e-4185-98a7-b882c64b5ce5 (NID)
- y*}#56a863a9-875e-4185-98a7-b882c64b5ce5 (NID)
- C|#be9ba2d9-53ea-4cdc-84e5-9b1eeee46550 (NID)
- C}#be9ba2d9-53ea-4cdc-84e5-9b1eeee46550 (NID)
- L|#3b576869-a4ec-4529-8536-b80a7769e899 (NID)
- L}#3b576869-a4ec-4529-8536-b80a7769e899 (NID)
- |#5beb7efe-fd9a-4556-801d-275e5ffc04cc (NID)
- }#5beb7efe-fd9a-4556-801d-275e5ffc04cc (NID)
- |#01443614-cd74-433a-b99e-2ecdc07bfc25 (NID)
- }#01443614-cd74-433a-b99e-2ecdc07bfc25 (NID)
- |#d3e037e1-3eb8-44c8-a917-57927947596d (NID)
- }#d3e037e1-3eb8-44c8-a917-57927947596d (NID)
- |#7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c (NID)
- }#7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c (NID)
- |#92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b (NID)
- }#92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b (NID)
Associated file hash (SHA-256): 8b4e15a98255e4425c519559b34e729cb6e43e650546d34b515cffe80bd1eded

Isolate the affected machine from the network immediately. Run a full scan with an updated antivirus solution to remove the threat and any dropped payloads. Investigate for persistence mechanisms (e.g., scheduled tasks, registry run keys) and change all credentials used on the system.