Java/Agent.CB66!tr

description-logoAnalysis



Java/Agent.CB66!tr is a detection for a Java trojan.
Below are examples of its observed characteristics/behaviours:

  • This malware may drop any of the following files
    • undefinedUserundefined\QaOuQmZPsJO\ID.txt : This is a text file containing UUID.
    • undefinedUserundefined\QaOuQmZPsJO\NPoFNatbBpY.vwAomV : This is a copy of the original malware.
    • undefinedTempundefined\_0.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.class : X being a numeric character, this file is detected as Java/Adwind.AAU!tr.
    • undefinedTempundefined\_0.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.class : X being a numeric character, this file is detected as Java/Adwind.AAU!tr.
    • undefinedTempundefined\RetrieveXXXXXXXXXXXXXXXXXX.vbs : X being a numeric character, this file is detected as VBS/RetrieveAV.4DD9!tr.

  • This malware may apply any of the following registry modification(s):
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run
      • Xnfnkrjuiwi = undefinedappdataundefined\oracle\bin\javaw.exe\ -jar undefinedUserundefined\QaOuQmZPsJO\[Random].vwAomV
      This automatically executes the dropped file every time the infected user logs on.



recommended-action-logoRecommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiClient
Extreme
FortiMail
Extreme
FortiSandbox
Extreme
FortiWeb
Extreme
Web Application Firewall
Extreme
FortiIsolator
Extreme
FortiDeceptor
Extreme
FortiEDR

Version Updates

Date Version Detail
2022-06-21 90.03462