W32/Agent.JW!tr
Analysis
W32/Agent.JW!tr - 06-05-24
General Info:
This threat is a PE executable file with a file size of 43520.
Installation to System:
- Creates these registry entries:
  HKEY_CURRENT_USER\Software\Microsoft\Mailer Data
  HKEY_CURRENT_USER\Software\Microsoft\Hotmail
More Info:
When executed, this malware displays the following message box:
- Title: "Microsoft Visual C++ Runtime Library"
- Message: "Runtime Error! Program: {full path and filename of malware} This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information."

It steals the following information:
- POP3 user name and password
- IMAP user name and password
- SMTP server and email address
- Outlook Express accounts
Telemetry
Detection Availability
Product | Availability |
---|---|
FortiGate | Extreme |
FortiClient | Extended |
FortiMail | Extended |
FortiSandbox | Extended |
FortiWeb | Extended |
Web Application Firewall | Extended |
FortiIsolator | Extended |
FortiDeceptor | Extended |
FortiEDR | |