VBA/Agent.QAP!tr.dldr
Analysis
VBA/Agent.QAP!tr.dldr is a generic detection for a Macro Downloader Trojan.
Since this is a generic detection, this malware may have varying behaviour.
- This malicious document downloads from any of the remote sites listed below:
  - studioameli{Removed}.com/dvmu/xwvlx860812/
  - greyproductio{Removed}.com/wordpress/rl8h1511/
- Below are illustrations of infected document(s):
  - Figure 1: Infected Document.
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
FortiGate | |
---|---|
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR |
Version Updates
Date | Version | Detail |
---|---|---|
2022-03-29 | 90.00912 | |
2021-03-09 | 84.00585 | |
2021-01-26 | 83.57800 | Sig Updated |
2020-11-03 | 81.56700 | Sig Updated |
2020-09-29 | 80.72800 | Sig Updated |
2020-09-22 | 80.56100 | Sig Updated |
2020-09-01 | 80.05600 | Sig Updated |
2020-08-04 | 79.38400 | Sig Updated |
2020-07-28 | 79.21600 | Sig Updated |
2020-07-14 | 78.88000 | Sig Updated |