W32/Agent.DCWP!tr

Analysis

W32/Agent.DCWP!tr is a generic detection for a trojan.
Since this is a generic detection, malware detected as W32/Agent.DCWP!tr may vary in behaviour.
Below are some of its observed characteristics/behaviours:

  • This malware was allegedly related to the backdoor found in the United States' Commission network. The trojan is linked to the attack because of similarities with the .dll that was used as a decryptor during the infiltration of the United States Commission network.

  • This malware has been associated with a third party article/advisory.
    The correlation was established through a near or exact database match on one of the samples, IOCs or file hashes indicated in that resource.

  • This malware serves as a decryption tool to decrypt and execute a malicious .log file in memory.

  • The following are some of the exact IOCs/file hashes associated with this detection:
    • Md5: 2895043b9d230cae6ee47c7f223a9f46
      Sha256: bcfacc1ad5686aee3a9d8940e46d32af62f8e1cd1631653795778736b67b6d6e

Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2022-05-31 90.02802
2022-05-30 90.02770
2022-03-22 90.00702
2022-02-08 89.09443
2021-12-20 89.07952