JS/Agent.NDSJ!tr
Analysis
JS/Agent.NDSJ!tr is a generic detection for a trojan.
Since this is a generic detection, malware detected as JS/Agent.NDSJ!tr may vary in behaviour.
Below are some of its observed characteristics/behaviours:
- This malware is an obfuscated, injected JS script. All observed variants share a common variable name that is initially set to "undefined". The script uses the XMLHttpRequest object and HttpClient to send data to and receive data from URLs.
- The following are some of the near/exact IOCs/file hashes associated with this detection:
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
FortiGate | |
---|---|
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR |