VirusVBA/Agent.QAP!tr.dldr
Analysis
VBA/Agent.QAP!tr.dldr is a generic detection for a Macro Downloader Trojan.
Since this is a generic detection, this malware may have varying behaviour.
- This malicious document download from any of the remote site listed below.
- studioameli{Removed}.com/dvmu/xwvlx860812/
- greyproductio{Removed}.com/wordpress/rl8h1511/
- Below are illustrations of infected document(s):
- Figure 1: Infected Document.
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
| FortiGate | |
|---|---|
| FortiClient | |
| FortiAPS | |
| FortiAPU | |
| FortiMail | |
| FortiSandbox | |
| FortiWeb | |
| Web Application Firewall | |
| FortiIsolator | |
| FortiDeceptor | |
| FortiEDR |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2022-03-29 | 90.00912 | |
| 2021-03-09 | 84.00585 | |
| 2021-01-26 | 83.57800 | Sig Updated |
| 2020-11-03 | 81.56700 | Sig Updated |
| 2020-09-29 | 80.72800 | Sig Updated |
| 2020-09-22 | 80.56100 | Sig Updated |
| 2020-09-01 | 80.05600 | Sig Updated |
| 2020-08-04 | 79.38400 | Sig Updated |
| 2020-07-28 | 79.21600 | Sig Updated |
| 2020-07-14 | 78.88000 | Sig Updated |