HTML/Small.A!tr

Analysis

HTML/Small.A!tr is a generic detection for a JS/HTML trojan. Because the detection is generic, malware detected as HTML/Small.A!tr may vary in behaviour.
Below are some of its observed characteristics/behaviours:

  • Most of the samples for this detection involved an injected one-liner of JavaScript that is intended to execute a function, passing it a string parameter that changes from sample to sample.
    Some of these samples did not contain the actual code for that function, indicating that there could be associated scripts/components apart from the affected HTML hosts.
    It is also possible that this is just the byproduct of a certain attack on the affected servers.

  • Until recently, most of the observed affected HTML pages appear to belong to Chinese websites.

  • Below are some illustrations of the affected HTML websites:

    • Figure 1: Affected site.


    • Figure 2: Affected site.


    • Figure 3: Affected site.


    • Figure 4: Affected site.


  • The following are some of the near/exact IOCs/file hashes associated with this detection:
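
A triage heuristic for the first characteristic above, added here as an example; it is not Fortinet's signature logic. It lists inline scripts that consist of a single function call with one string argument and reports whether that function is defined anywhere in the same page. The assumption that the argument is a string literal, and all names and values in the sample page, are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# A script body that is nothing but one call with one string literal: name("...");
ONE_CALL = re.compile(r"""^\s*([A-Za-z_$][\w$]*)\s*\(\s*(["'])(.*?)\2\s*\)\s*;?\s*$""", re.S)

class InlineScripts(HTMLParser):
    """Collect the bodies of inline <script> elements (those without src)."""
    def __init__(self):
        super().__init__()
        self.bodies, self._buf = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "script" and "src" not in dict(attrs):
            self._buf = []
    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.bodies.append("".join(self._buf))
            self._buf = None

def is_defined(name, bodies):
    """True if any inline script declares or assigns `name` (heuristic, not a JS parser)."""
    n = re.escape(name)
    decl = re.compile(r"(?:function\s+%s\s*\(|(?:var|let|const)\s+%s\b|(?<![\w$])%s\s*=[^=])" % (n, n, n))
    return any(decl.search(b) for b in bodies)

def find_suspect_calls(html):
    """Return (function, argument, defined_in_page) for each one-call inline script."""
    p = InlineScripts()
    p.feed(html)
    hits = []
    for body in p.bodies:
        m = ONE_CALL.match(body)
        if m:
            hits.append((m.group(1), m.group(3), is_defined(m.group(1), p.bodies)))
    return hits

# Constructed sample page; function names and arguments are made up.
SAMPLE = """<html><head>
<script>function track(id){ return id; }</script>
<script>track("home");</script>
</head><body><p>news</p>
<script>xq_load("k3Jd9aQpZ")</script>
</body></html>"""

if __name__ == "__main__":
    print(find_suspect_calls(SAMPLE))
```

A call whose function is not defined in the page is only a lead for manual review: the definition may live in a legitimate external script, so compare the flagged line against a clean backup copy of the file.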


Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2024-01-22 92.00882
2023-01-09 90.09504
2022-10-18 90.07000
2022-05-04 90.02000
2021-10-05 89.05661
2020-08-11 79.54200 Sig Updated
2020-07-03 78.61100 Sig Added