JS/Agent.UNS!tr
Analysis
JS/Agent.UNS!tr is a generic detection for a JavaScript trojan.
Since this is a generic detection, malware detected as JS/Agent.UNS!tr may have varying behaviour.
Below are some of its observed characteristics/behaviours:
- This malware connects to a malicious URL that will randomly redirect users to unwanted web pages, including phishing websites, and may attempt to gain access to a user's credentials by utilizing social engineering tactics.
- Below are some of the sites to which the observed samples tried to connect:
  - hxxp://www[.]wbo[Removed]ter[.]shop/11062-[Removed]514228/mi[Removed]a/tindex1[.]html
  - hxxp://www[.]ligh[]Removedamera[.]shop/10818[Removed]8182539/martin.p[Removed]ka/tindex1[.]html
  - hxxp://www[.]sin[Removed]lomian[.]shop/tr[Removed]SEM/KESGVOTPQ/10805[Removed]24/238/34[Removed]42/index[.]htm
- The following are some of the near/exact IOCs/file hashes associated with this detection:
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
FortiGate | |
---|---|
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR | |