Threat Encyclopedia
JS/Agent.D325!tr
Analysis
JS/Agent.D325!tr is a generic detection for a type of JavaScript downloader trojan that downloads the Ursnif malware onto the compromised computer. Because this is a generic detection, files detected as JS/Agent.D325!tr may vary in behavior.
Below are examples of this behavior:
- It downloads the following file:
  - %Temp%\tmp702677.446 : This file is detected as W32/Androm.E!tr.bdr.
- It attempts to connect to the following URLs:
  - hxxp://trio{Removed}.biz/nvidi.oct
  - hxxp://dace{Removed}.net/crmain.cd
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.