Threat Encyclopedia



JS/Agent.D325!tr is a generic detection for a type of Javascript downloader trojan that downloads the Ursnif malware onto the compromised computer. Since this is a generic detection, files that are detected as JS/Agent.D325!tr may have varying behavior.
Below are examples of some of these behavior:

  • It downloads the following file:
    • undefinedTempundefined\tmp702677.446 : This file is detected as W32/Androm.E!tr.bdr.

  • It attempts to connect to the following URLs:
    • hxxp://trio{Removed}.biz/nvidi.oct
    • hxxp://dace{Removed}.net/

recommended-action-logoRecommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry