BAT/Agent.EA14!tr
Analysis
BAT/Agent.EA14!tr is a detection for a trojan.
Below are some of its observed characteristics/behaviours:
- This malware is related to the Cuba ransomware outbreak. Cuba ransomware actors use legitimate Windows tools and services, such as PowerShell, to execute their payloads on compromised hosts, and are known to install Cobalt Strike beacons for post-exploitation command and control.
- This malware has been associated with the following third-party article/advisory:
https://www.ic3.gov/Media/News/2021/211203-2.pdf
The correlation was established by a near/exact database match on one of the sample/IOC file hashes listed in that resource.
- MD5: 3fe1a3aaca999a5db936843c9bdfea14
SHA256: e82cc49c03320a0fb6ec3512c0ca3332eb1b40070cc53a78bc80b77b4aba975c
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
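To find files matching the IOCs above before quarantining them, the following Python script (an added example, not Fortinet's code or part of this entry) hashes every file under a directory and compares the MD5 and SHA-256 digests with the two hashes listed on this page. The verdict names, the "unreadable" handling and the constructed benign batch file written by demo() are this example's own assumptions; the hash values are the ones listed above.

```python
import hashlib
import os
import sys
import tempfile

# IOCs for BAT/Agent.EA14!tr as listed on this page (lower-case hex digests).
IOC_MD5 = {"3fe1a3aaca999a5db936843c9bdfea14"}
IOC_SHA256 = {"e82cc49c03320a0fb6ec3512c0ca3332eb1b40070cc53a78bc80b77b4aba975c"}


def file_digests(path, chunk_size=1 << 20):
    """Return (md5_hex, sha256_hex) for a file, hashing it in chunks so large
    files are not read into memory at once."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def classify(md5_hex, sha256_hex):
    """Compare one file's digests with the IOC sets (verdict names are this
    example's own convention).

    "match"       : both digests match the listed sample
    "sha256-only" : SHA-256 matches, MD5 does not; SHA-256 is the stronger
                    identifier, so treat this as a confirmed hit
    "md5-only"    : MD5 matches, SHA-256 does not; MD5 is collision-prone,
                    so this is a review signal, not a confirmed hit
    "clean"       : neither digest matches
    """
    md5_hit = md5_hex.lower() in IOC_MD5
    sha256_hit = sha256_hex.lower() in IOC_SHA256
    if md5_hit and sha256_hit:
        return "match"
    if sha256_hit:
        return "sha256-only"
    if md5_hit:
        return "md5-only"
    return "clean"


def scan_directory(root):
    """Walk root and return [(path, verdict)] for every file that is not clean.
    Files that cannot be read are reported as "unreadable" rather than silently
    skipped: a locked or permission-denied file has not been cleared."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                md5_hex, sha256_hex = file_digests(path)
            except OSError:
                findings.append((path, "unreadable"))
                continue
            verdict = classify(md5_hex, sha256_hex)
            if verdict != "clean":
                findings.append((path, verdict))
    return findings


def demo():
    """Scan a temporary directory holding one constructed, benign batch file.
    Returns the findings list, which is empty because the constructed file is
    not the listed sample."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "constructed_example.bat")
        with open(sample, "wb") as fh:
            fh.write(b"@echo off\r\necho constructed benign example\r\n")
        return scan_directory(tmp)


if __name__ == "__main__":
    # Usage: python ioc_scan.py <directory>  (defaults to the current directory)
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, verdict in scan_directory(root):
        print(f"{verdict:12} {path}")
```

A hit is reported only for the sample listed here; a file that has been modified or repacked by even one byte will hash differently and still needs the AV engine or a sandbox to be classified, so treat an empty result as "no match on these two hashes", not as a clean host.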
Telemetry
Detection Availability
Product | Detection Availability
---|---
FortiGate |
FortiClient |
FortiAPS |
FortiAPU |
FortiMail |
FortiSandbox |
FortiWeb |
Web Application Firewall |
FortiIsolator |
FortiDeceptor |
FortiEDR |