JS/Phish.64F6!tr

Analysis

JS/Phish.64F6!tr is a detection for a phishing trojan.
Below are some of its observed characteristics/behaviours:

  • This malware will attempt to gain access to the victim's credentials by utilizing social engineering tactics.
  • The malware will direct the user to http://bafybei[removed]enuupl.js.
  • Masquerading as an Office 365 login page, it will prompt the user to enter their credentials in order to view the document.
  • After the login information is entered into the phishing form, it is sent to the attacker, thereby compromising the user's credentials.

  • The malware attempts to connect to the following sites:
    • https://bafybei[removed]enuupl.js

  • Following are some of the exact IOCs/file hashes associated with this detection:
    • MD5: 322bd28d549b8534939e8581f7a464f6
      SHA256: a1e4c92fa47944d98fda45779e1b805d674223e740d9092c0c7f4aca70ea7a15

Recommended Action

    • Make sure that your FortiGate/FortiClient system is using the latest AV database.
    • Quarantine/delete files that are detected and replace infected files with clean backup copies.


    Detection Availability

    • FortiClient: Extreme
    • FortiMail: Extreme
    • FortiSandbox: Extreme
    • FortiWeb: Extreme
    • Web Application Firewall: Extreme
    • FortiIsolator: Extreme
    • FortiDeceptor: Extreme
    • FortiEDR

    Version Updates

    Date Version Detail
    2023-04-25 91.02686
    2023-02-22 91.00807
    2023-02-16 91.00640
    2023-02-14 91.00582
    2022-11-28 90.08250
    2022-10-31 90.07415
    2022-10-11 90.06790
    2022-10-11 90.06787