MSIL/Nanocore.BT!tr is a detection for a trojan with backdoor capabilities.
Below are some of its observed behaviours/characteristics:
- It drops the following files:
- undefinedAppDataundefined\[GUID]\Logs\[Username] : This is the folder where the malware store the logs.
- undefinedAppDataundefined\[GUID]\run.dat : This is a data file.
- This trojan gathers the following information:
- Computer name
- CPU usage
- RAM usage
- Active window
- Installed Anti-Virus
- This trojan has the following capabilities:
- Reboot/Shutdown computer
- Manipulate files
- Manipulate running processes
- Manipulate the registry
- Execute shell commands
- Remotely execute scripts/executables
- Steal stored passwords
- Enable/Disable webcam light
- Open/Close CD Drive
- Turn On/Off the monitor
- Reverse mouse buttons
- View DNS records
- Browse logs
- Spoof video feeds
- Spoof audio feeds
- This trojan sends the gathered information to its C&C:
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.