rssbandittrick

Submission of possible malware


Thanks.

I've tested the site on my PC running MBEP and it blocks it. It was also MBEP that picked up the submitted file. However, I was curious to see what this file actually did when executed, as this file has been on the customer PC for weeks before I installed MBEP.


The site is on the block list for bank phishing; the block is set for any of their URL sets as *gear3.com. Checking on the file now, it may take a bit.
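As an added illustration of how a block-list entry written in the *gear3.com style is applied to a URL (this is example code, not Malwarebytes' product logic, and the block list and URLs in it are constructed), the script below extracts the hostname from a URL and compares it against the pattern two ways: plain glob matching, where the leading * can also match unrelated hosts that merely end in the same string, and a stricter domain-suffix match that only accepts the domain itself and its subdomains. Seeing both side by side shows why a wildcard rule should be reviewed for over-blocking before it is deployed site-wide.

```python
"""Wildcard block-list matching (added example, not code from the thread or
from Malwarebytes). Shows how an entry such as *gear3.com behaves against a
URL's hostname under glob semantics versus a stricter domain-suffix rule.
All block-list entries and URLs here are constructed for the example."""
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Constructed block list in the "*gear3.com" style quoted in the thread.
BLOCKLIST = ["*gear3.com"]


def hostname(url: str) -> str:
    """Return the normalised host of a URL: lowercase, no port, no trailing dot.
    A scheme is prepended when missing so urlsplit parses bare hosts too."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return (parts.hostname or "").lower().rstrip(".")


def glob_blocked(url: str, patterns=BLOCKLIST) -> bool:
    """Glob semantics: '*' matches any run of characters, including none,
    so '*gear3.com' matches 'gear3.com', 'login.gear3.com' and also
    'notgear3.com' (over-blocking)."""
    host = hostname(url)
    return any(fnmatchcase(host, p.lower()) for p in patterns)


def domain_blocked(url: str, patterns=BLOCKLIST) -> bool:
    """Stricter reading of '*X': block X itself or any subdomain of X,
    never an unrelated host that just happens to end in the same letters."""
    host = hostname(url)
    for p in patterns:
        base = p.lower().lstrip("*").lstrip(".")
        if host == base or host.endswith("." + base):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample URLs, including one that a plain glob over-blocks
    # and one that neither rule should block.
    samples = [
        "http://gear3.com/",
        "https://login.gear3.com:443/account",
        "https://notgear3.com/",
        "https://gear3.com.example/",
    ]
    print(f"{'url':45} {'glob':>6} {'domain':>7}")
    for u in samples:
        print(f"{u:45} {str(glob_blocked(u)):>6} {str(domain_blocked(u)):>7}")
```

Running the script prints one row per sample URL; the third row is the interesting one, because the glob rule blocks notgear3.com while the domain-suffix rule does not.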


@kieferschild Got the info from research. This is a variant of backdoor.nanocore; it is a Trojan meant for gathering information from a Windows system and can modify settings, gather data and send it to a remote threat actor. Two stand-out things to check for this guy: double-check what your web homepages and search engines have been set to, as they could be pointing to compromised sites, and change your passwords for the domain and the local accounts. This is likely going to need to be done site-wide; the actor that gained access to your machine could've gotten more info and credentials than what was just on that box alone.

The original author of this is serving prison time, here is an article that talks about that and some of the main functions of this Trojan - https://arstechnica.com/tech-policy/2018/02/developer-of-the-prolific-nanocore-backdoor-gets-prison/

An extra definition for this variant is going to be added in the next signature update, since my test MBES was unable to detect this; very happy that MBEP was able to catch it for you. Thanks for bringing this to our attention!

Edited by djacobson
