Riskware/UtilityCmdLineMailClientBlat3219
Analysis
Riskware/UtilityCmdLineMailClientBlat3219 is a detection for a potentially unwanted command line application.
Below are some of its observed characteristics/behaviours:
- This detection is for a utility that refers to itself as blat, originally published at the now defunct page gepas[Removed].dbs.aber.ac.uk.
- The application is an SMTP mail client operated purely from the command line, similar to ssmtp on Linux.
- Like any command line utility, this application can be abused, for example as a mail spammer.
- Below is an illustration of the application:
- Figure 1: Command line interface.
- Following are some of the near/exact IOCs (file hashes) associated with this detection:
- MD5: 46DBDF011B4F4F535608BB2C0862FDB5
- SHA256: cd026e10a6a8d2e164e67e859b058dc4642121f8e12075d1db980eafe1e7462d
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
- FortiGate
- Extended
- FortiClient
- FortiMail
- FortiSandbox
- FortiWeb
- Web Application Firewall
- FortiIsolator
- FortiDeceptor
- FortiEDR