JS/Agent.NDSJ!tr

Analysis

JS/Agent.NDSJ!tr is a generic detection for a trojan.
Since this is a generic detection, malware detected as JS/Agent.NDSJ!tr may vary in behaviour.
Below are some of its observed characteristics/behaviours:

  • This malware is an obfuscated, injected JS script. All of its observed variants share a common variable name that is initially set to "undefined". The script uses the XMLHttpRequest object and HttpClient to send and receive data from URLs.

  • The following are some of the near/exact IOCs/file hashes associated with this detection:

Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2024-03-21 92.02660
2024-03-14 92.02447
2024-03-06 92.02193
2024-02-08 92.01392
2024-01-22 92.00886
2024-01-02 92.00281
2024-01-01 92.00251
2023-12-08 91.09540
2023-11-17 91.08887
2023-11-15 91.08826