Riskware/UtilityCmdLineMailClientBlat3219

Analysis

Riskware/UtilityCmdLineMailClientBlat3219 is a detection for a potentially unwanted command line application.
Below are some of its observed characteristics and behaviours:

  • This detection covers a utility that refers to itself as blat, originally distributed from the now defunct page gepas[Removed].dbs.aber.ac.uk

  • The application is an SMTP mail client driven entirely from the command line, similar to ssmtp on Linux.

  • Like any command line utility, this application can be abused, for example by being used as a mail spammer.

  • Below is an illustration of the application:

    • Figure 1: Command line interface.


  • The following file hashes (near/exact IOCs) are associated with this detection:
    • MD5: 46DBDF011B4F4F535608BB2C0862FDB5
    • SHA256: cd026e10a6a8d2e164e67e859b058dc4642121f8e12075d1db980eafe1e7462d
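One way a defender can act on the hashes above is to sweep a directory and flag files whose MD5 or SHA256 matches the listed IOCs. The script below is an added example, not part of this Fortinet page; it assumes only the Python standard library and the two hash values given above, and reads files in chunks so large binaries do not have to fit in memory.

```python
import hashlib
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# IOCs taken from the detection page, normalised to lowercase hex.
IOC_MD5 = {"46dbdf011b4f4f535608bb2c0862fdb5"}
IOC_SHA256 = {"cd026e10a6a8d2e164e67e859b058dc4642121f8e12075d1db980eafe1e7462d"}

CHUNK = 1 << 20  # 1 MiB read size


def hash_file(path: Path) -> Dict[str, str]:
    """Compute MD5 and SHA256 of a file in one pass over its contents."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            md5.update(block)
            sha256.update(block)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def classify(digests: Dict[str, str],
             md5_iocs=IOC_MD5, sha256_iocs=IOC_SHA256) -> Optional[str]:
    """Return which IOC set matched ('sha256' preferred, then 'md5'), or None."""
    if digests.get("sha256", "").lower() in sha256_iocs:
        return "sha256"
    if digests.get("md5", "").lower() in md5_iocs:
        return "md5"
    return None


def scan_path(root, md5_iocs=IOC_MD5, sha256_iocs=IOC_SHA256) -> List[Tuple[str, str]]:
    """Walk `root` recursively and return (path, matched_hash_type) for IOC hits."""
    hits = []
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        try:
            digests = hash_file(p)
        except OSError:
            # Unreadable file (permissions, transient error): skip rather than abort.
            continue
        matched = classify(digests, md5_iocs, sha256_iocs)
        if matched:
            hits.append((str(p), matched))
    return hits


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, kind in scan_path(target):
        print(f"IOC match ({kind}): {path}")
```

Run it as `python scan.py C:\path\to\check`; a match only tells you the file is byte-identical to the sample listed here, so a recompiled or repacked build will not be caught by a hash check and still needs the AV signature the page refers to.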


Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine or delete files that are detected, and replace infected files with clean backup copies.

Telemetry

Detection Availability

  • FortiGate (Extended)
  • FortiClient
  • FortiMail
  • FortiSandbox
  • FortiWeb (Web Application Firewall)
  • FortiIsolator
  • FortiDeceptor
  • FortiEDR

Version Updates

Date        Version    Detail
2023-11-29  91.09265
2021-08-24  88.00615
2021-08-24  88.00613
2021-08-24  88.00609
2021-05-20  86.00315
2021-05-18  86.00266