
Submission of possible malware


@kieferschild Got the info from research. This is a variant of backdoor.nanocore, it is a Trojan meant for gathering information from a Windows system and can modify settings, gather data and send it to a remote threat actor. Two stand-out things to check for this guy: double check what your web homepages and search engines have been set to, they could be pointing to compromised sites. And change your passwords for domain and the local accounts, this is likely going to need to be done site-wide, the actor that gained access to your machine could've gotten more info and credentials than what was just on that box alone.

The original author of this is serving prison time, here is an article that talks about that and some of the main functions of this Trojan - https://arstechnica.com/tech-policy/2018/02/developer-of-the-prolific-nanocore-backdoor-gets-prison/

An extra definition for this variant is going to be added in the next signature update since my test MBES was unable to detect this, very happy that MBEP was able to catch it for you. Thanks for bringing this to our attention!



Edited by djacobson
