W64/Agent.I!tr

Analysis

W64/Agent.I!tr is a generic detection for a trojan.
Since this is a generic detection, malware detected as W64/Agent.I!tr may vary in behaviour.
Below are some of its observed characteristics/behaviours:

  • This malware has been observed to drop a copy of itself as %Windir%\Net Helper\net-helper.exe.

  • The following service-related registry modifications have also been observed:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\net-helper

  • The malware is known to be compiled using Go (Golang).

  • The following are the known IOCs related to this malware:
    • 2FF704EE0FA86C21B450E4E267159559
    • B9FECF7B9EFCEC4DEB70D412BB00FEF7


Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.


Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2024-03-04 92.02137
2024-01-12 92.00573
2023-08-20 91.06201
2023-03-24 91.01721
2022-10-29 90.07342
2022-07-26 90.04496
2022-07-19 90.04286
2022-07-12 90.04092
2022-06-07 90.03046
2022-05-25 90.02620