NodeLoader Exposed: The Node.js Malware Evading Detection
Common Information
Type Value
UUID 9230197f-da40-469d-83ed-91248551a632
Fingerprint a4ae1919a53f0793
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 13, 2024, 5:10 p.m.
Added to db Dec. 13, 2024, 6:12 p.m.
Last updated Dec. 18, 2024, 3:14 p.m.
Headline NodeLoader Exposed: The Node.js Malware Evading Detection
Title NodeLoader Exposed: The Node.js Malware Evading Detection
Detected Hints/Tags/Attributes 82/3/57
RSS Feed
Id  Enabled  Feed title  Url  Added to db
158  Malware Analysis, News and Indicators - Latest topics  https://malware.news/latest.rss  2024-08-30 22:08
Attributes
Type                         #Events  CTI Value
Domain                             2  korepi.xyz
Domain                             2  chillers.com.ar
Domain                             4  condedqpwqm.shop
Domain                             6  locatedblsoqp.shop
Domain                             4  stagedchheiqwo.shop
Domain                             4  stamppreewntnq.shop
Domain                             4  millyscroqwp.shop
Domain                             4  caffegclasiqwp.shop
Domain                             4  traineiwnqo.shop
File                             719  node.js
File                              23  script.ps1
File                               2  add_exclusion.ps1
File                               9  execute.bat
File                             280  chrome.exe
File                              79  opera.exe
File                               2  operagx.exe
File                             206  firefox.exe
File                             101  steam.exe
File                              37  spotify.exe
File                              37  discord.exe
File                              17  telegram.exe
File                               2  gamingservice.exe
File                               4  lightshot.exe
File                              13  epicgameslauncher.exe
File                               2  drop1.exe
File                               2  drop2.exe
File                              19  driver.exe
File                              64  taskhost.exe
File                               2  c:\programdata\utblsmnncewd\bbecxurdegum.exe
File                             119  regasm.exe
File                               2  lotrik.exe
md5                                2  fd4265d9049571e4610944ada00f3077
md5                                2  95013bd1659067c4f11213dcd1de1023
md5                                2  d93a5a607d72c7efc51640c9ec789ea6
md5                                2  bbeacc49e863e9ec1576ba0128f26579
md5                                2  c99b721ae647bd058d0269d9ecb07421
md5                                2  1555940d0adeb059c695ab317a2c641c
md5                                2  dedc2d7f699be025c3282a0f385fd4d5
md5                                2  bfc83f0def461d7113922a1444b957bb
md5                                2  1a6e1620405531211d4c26fc9f29673e
md5                                2  f35825c9bb3ed6e46da5b61363863036
md5                                2  c0be666ffbd3edc3b5bcd9aa6f6a461a
md5                                2  36f9b70a18f331239b6e7ea394837b60
md5                                2  20817afa0a3e77f1b6ccfe6a4488c61c
md5                                2  4cc366dff42687e475c6718f6437f754
md5                                2  b748b605cf8d9e3103701202143aa092
md5                                2  6424419ac4c6f0a24c95233e527c1e8a
md5                                2  c3fc67d2f8a7f517b1a834f923136865
IPv4                               2  195.10.205.253
MITRE ATT&CK Techniques          385  T1204.002 (User Execution: Malicious File)
MITRE ATT&CK Techniques          490  T1059.001 (Command and Scripting Interpreter: PowerShell)
MITRE ATT&CK Techniques          310  T1562.001 (Impair Defenses: Disable or Modify Tools)
MITRE ATT&CK Techniques           22  T1562.002 (Impair Defenses: Disable Windows Event Logging)
MITRE ATT&CK Techniques          186  T1543.003 (Create or Modify System Process: Windows Service)
MITRE ATT&CK Techniques          439  T1041 (Exfiltration Over C2 Channel)
Url                                2  https://chillers.com.ar/temp/lotrik.exe
Windows Registry Key               2  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT\DontOfferThroughWUAU (policy value that stops the Malicious Software Removal Tool from being offered through Windows Update / Automatic Updates)

Note that the file column mixes attacker-dropped artefacts (script.ps1, add_exclusion.ps1, execute.bat, drop1.exe, drop2.exe, lotrik.exe, the bbecxurdegum.exe path) with ordinary application names such as chrome.exe, firefox.exe, steam.exe and discord.exe that the report mentions as targets; the latter are not indicators on their own and should not be alerted on by name.
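The attribute table above is only useful once it is turned into something that runs over telemetry. The script below is an added example, not code from the original feed entry or from the NodeLoader write-up: it loads the listed domains, IP, URL, MD5 hashes, dropped-file names and registry key into lookup sets and matches them against a handful of constructed log lines (DNS, proxy, EDR process-creation, Sysmon registry and firewall records; the field layouts are assumptions, not any vendor's real format). It goes slightly beyond exact matching by treating any subdomain of a listed domain as a hit and by normalising the `HKLM\` hive prefix that Sysmon uses to the `HKEY_LOCAL_MACHINE\` form the feed uses.

```python
"""Offline IOC matcher for the indicators listed on this page.

Added example (not part of the original feed entry). SAMPLE_LOGS below are
constructed for the demonstration; the field layouts are assumptions.
"""
import re
from typing import List, Optional, Tuple

# Indicators copied from the attribute table on this page.
DOMAINS = {
    "korepi.xyz", "chillers.com.ar", "condedqpwqm.shop", "locatedblsoqp.shop",
    "stagedchheiqwo.shop", "stamppreewntnq.shop", "millyscroqwp.shop",
    "caffegclasiqwp.shop", "traineiwnqo.shop",
}
IPS = {"195.10.205.253"}
URLS = {"https://chillers.com.ar/temp/lotrik.exe"}
MD5S = {
    "fd4265d9049571e4610944ada00f3077", "95013bd1659067c4f11213dcd1de1023",
    "d93a5a607d72c7efc51640c9ec789ea6", "bbeacc49e863e9ec1576ba0128f26579",
    "c99b721ae647bd058d0269d9ecb07421", "1555940d0adeb059c695ab317a2c641c",
    "dedc2d7f699be025c3282a0f385fd4d5", "bfc83f0def461d7113922a1444b957bb",
    "1a6e1620405531211d4c26fc9f29673e", "f35825c9bb3ed6e46da5b61363863036",
    "c0be666ffbd3edc3b5bcd9aa6f6a461a", "36f9b70a18f331239b6e7ea394837b60",
    "20817afa0a3e77f1b6ccfe6a4488c61c", "4cc366dff42687e475c6718f6437f754",
    "b748b605cf8d9e3103701202143aa092", "6424419ac4c6f0a24c95233e527c1e8a",
    "c3fc67d2f8a7f517b1a834f923136865",
}
# Only the attacker-dropped names; browser/game names from the table are left
# out because they fire on every normal endpoint.
FILES = {"script.ps1", "add_exclusion.ps1", "execute.bat", "drop1.exe",
         "drop2.exe", "lotrik.exe", "bbecxurdegum.exe"}
REG_KEYS = {r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT\DontOfferThroughWUAU"}

_DOMAIN_RE = re.compile(r"(?<![\w.-])((?:[a-z0-9-]+\.)+[a-z]{2,})(?![\w-])", re.I)
_IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
_MD5_RE = re.compile(r"\b[0-9a-f]{32}\b", re.I)
# Basenames only: path separators are excluded from the character class.
_FILE_RE = re.compile(r"[\w.-]+\.(?:exe|ps1|bat|dll)\b", re.I)


def _known_domain(candidate: str) -> Optional[str]:
    """Return the listed domain that `candidate` equals or is a subdomain of."""
    labels = candidate.lower().split(".")
    for i in range(len(labels) - 1):
        suffix = ".".join(labels[i:])
        if suffix in DOMAINS:
            return suffix
    return None


def match_line(line: str) -> List[Tuple[str, str]]:
    """Return sorted, de-duplicated (ioc_type, ioc) hits for one log line."""
    hits = set()
    low = line.lower()
    for url in URLS:
        if url.lower() in low:
            hits.add(("url", url))
    for m in _DOMAIN_RE.finditer(line):
        d = _known_domain(m.group(1))
        if d:
            hits.add(("domain", d))
    for m in _IP_RE.finditer(line):
        if m.group(0) in IPS:
            hits.add(("ip", m.group(0)))
    for m in _MD5_RE.finditer(line):
        if m.group(0).lower() in MD5S:
            hits.add(("md5", m.group(0).lower()))
    for m in _FILE_RE.finditer(line):
        if m.group(0).lower() in FILES:
            hits.add(("file", m.group(0).lower()))
    # Sysmon writes the hive as HKLM\; the feed lists HKEY_LOCAL_MACHINE\.
    norm = low.replace("hklm\\", "hkey_local_machine\\")
    for key in REG_KEYS:
        if key.lower() in norm:
            hits.add(("registry", key))
    return sorted(hits)


def scan(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (1-based line number, ioc_type, ioc) for every hit in `lines`."""
    out = []
    for n, line in enumerate(lines, start=1):
        out.extend((n, t, v) for t, v in match_line(line))
    return out


# Constructed sample telemetry (not real logs). Lines 7 and 8 are benign.
SAMPLE_LOGS = [
    "2024-12-13T17:10:01Z dns client=10.0.0.12 query=korepi.xyz type=A",
    "2024-12-13T17:10:04Z proxy client=10.0.0.12 GET https://chillers.com.ar/temp/lotrik.exe status=200",
    "2024-12-13T17:10:09Z edr host=WS-12 event=process_create image=C:\\ProgramData\\utblsmnncewd\\bbecxurdegum.exe md5=FD4265D9049571E4610944ADA00F3077",
    "2024-12-13T17:10:11Z sysmon EventID=13 TargetObject=HKLM\\SOFTWARE\\Policies\\Microsoft\\MRT\\DontOfferThroughWUAU Details=DWORD (0x00000001)",
    "2024-12-13T17:10:15Z dns client=10.0.0.30 query=cdn.locatedblsoqp.shop type=A",
    "2024-12-13T17:10:20Z firewall src=10.0.0.12 dst=195.10.205.253 dport=443 action=allow",
    "2024-12-13T17:11:00Z dns client=10.0.0.40 query=www.example.com type=A",
    "2024-12-13T17:11:02Z edr host=WS-40 event=process_create image=C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe md5=0123456789abcdef0123456789abcdef",
]

if __name__ == "__main__":
    for n, ioc_type, ioc in scan(SAMPLE_LOGS):
        print(f"line {n}: {ioc_type} {ioc}")
```

Two design points worth keeping when adapting this to a real pipeline: the registry hit is the one that matters most for triage, because a DWORD write to that MRT policy key is an impair-defenses step (T1562.001) that precedes payload execution, whereas the domain and hash hits only confirm that a download or run has already happened; and MD5 matching is exact-match only, so a recompiled dropper will slip past it while the C2 domains and the registry key are the indicators most likely to survive across samples.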