00000016.00000002.2320144510.0000000002671000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
00000016.00000002.2320144510.0000000002671000.00000004.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x24ea7:$a: NanoCore
- 0x24f00:$a: NanoCore
- 0x24f3d:$a: NanoCore
- 0x24fb6:$a: NanoCore
- 0x24f09:$b: ClientPlugin
- 0x24f46:$b: ClientPlugin
- 0x25844:$b: ClientPlugin
- 0x25851:$b: ClientPlugin
- 0x1b033:$e: KeepAlive
- 0x25391:$g: LogClientMessage
- 0x25311:$i: get_Connected
- 0x152dd:$j: #=q
- 0x1530d:$j: #=q
- 0x15349:$j: #=q
- 0x15371:$j: #=q
- 0x153a1:$j: #=q
- 0x153d1:$j: #=q
- 0x15401:$j: #=q
- 0x15431:$j: #=q
- 0x1544d:$j: #=q
- 0x1547d:$j: #=q
|
00000018.00000002.2357810683.0000000000402000.00000040.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xff8d:$x1: NanoCore.ClientPluginHost
- 0xffca:$x2: IClientNetworkHost
- 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
00000018.00000002.2357810683.0000000000402000.00000040.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
00000018.00000002.2357810683.0000000000402000.00000040.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfcf5:$a: NanoCore
- 0xfd05:$a: NanoCore
- 0xff39:$a: NanoCore
- 0xff4d:$a: NanoCore
- 0xff8d:$a: NanoCore
- 0xfd54:$b: ClientPlugin
- 0xff56:$b: ClientPlugin
- 0xff96:$b: ClientPlugin
- 0xfe7b:$c: ProjectData
- 0x10882:$d: DESCrypto
- 0x1824e:$e: KeepAlive
- 0x1623c:$g: LogClientMessage
- 0x12437:$i: get_Connected
- 0x10bb8:$j: #=q
- 0x10be8:$j: #=q
- 0x10c04:$j: #=q
- 0x10c34:$j: #=q
- 0x10c50:$j: #=q
- 0x10c6c:$j: #=q
- 0x10c9c:$j: #=q
- 0x10cb8:$j: #=q
|
00000015.00000002.2320926216.00000000024F1000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
00000015.00000002.2320926216.00000000024F1000.00000004.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x24a4b:$a: NanoCore
- 0x24aa4:$a: NanoCore
- 0x24ae1:$a: NanoCore
- 0x24b5a:$a: NanoCore
- 0x24aad:$b: ClientPlugin
- 0x24aea:$b: ClientPlugin
- 0x253e8:$b: ClientPlugin
- 0x253f5:$b: ClientPlugin
- 0x1abd7:$e: KeepAlive
- 0x24f35:$g: LogClientMessage
- 0x24eb5:$i: get_Connected
- 0x14e81:$j: #=q
- 0x14eb1:$j: #=q
- 0x14eed:$j: #=q
- 0x14f15:$j: #=q
- 0x14f45:$j: #=q
- 0x14f75:$j: #=q
- 0x14fa5:$j: #=q
- 0x14fd5:$j: #=q
- 0x14ff1:$j: #=q
- 0x15021:$j: #=q
|
00000019.00000002.2360426478.0000000002671000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
00000019.00000002.2360426478.0000000002671000.00000004.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x24ea7:$a: NanoCore
- 0x24f00:$a: NanoCore
- 0x24f3d:$a: NanoCore
- 0x24fb6:$a: NanoCore
- 0x24f09:$b: ClientPlugin
- 0x24f46:$b: ClientPlugin
- 0x25844:$b: ClientPlugin
- 0x25851:$b: ClientPlugin
- 0x1b033:$e: KeepAlive
- 0x25391:$g: LogClientMessage
- 0x25311:$i: get_Connected
- 0x152dd:$j: #=q
- 0x1530d:$j: #=q
- 0x15349:$j: #=q
- 0x15371:$j: #=q
- 0x153a1:$j: #=q
- 0x153d1:$j: #=q
- 0x15401:$j: #=q
- 0x15431:$j: #=q
- 0x1544d:$j: #=q
- 0x1547d:$j: #=q
|
00000016.00000002.2317509791.0000000000402000.00000040.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xff8d:$x1: NanoCore.ClientPluginHost
- 0xffca:$x2: IClientNetworkHost
- 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
00000016.00000002.2317509791.0000000000402000.00000040.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
00000016.00000002.2317509791.0000000000402000.00000040.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfcf5:$a: NanoCore
- 0xfd05:$a: NanoCore
- 0xff39:$a: NanoCore
- 0xff4d:$a: NanoCore
- 0xff8d:$a: NanoCore
- 0xfd54:$b: ClientPlugin
- 0xff56:$b: ClientPlugin
- 0xff96:$b: ClientPlugin
- 0xfe7b:$c: ProjectData
- 0x10882:$d: DESCrypto
- 0x1824e:$e: KeepAlive
- 0x1623c:$g: LogClientMessage
- 0x12437:$i: get_Connected
- 0x10bb8:$j: #=q
- 0x10be8:$j: #=q
- 0x10c04:$j: #=q
- 0x10c34:$j: #=q
- 0x10c50:$j: #=q
- 0x10c6c:$j: #=q
- 0x10c9c:$j: #=q
- 0x10cb8:$j: #=q
|
00000010.00000002.2308206391.00000000034F9000.00000004.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x23d0dd:$x1: NanoCore.ClientPluginHost
- 0x26fafd:$x1: NanoCore.ClientPluginHost
- 0x23d11a:$x2: IClientNetworkHost
- 0x26fb3a:$x2: IClientNetworkHost
- 0x240c4d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0x27366d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
00000010.00000002.2308206391.00000000034F9000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
00000010.00000002.2308206391.00000000034F9000.00000004.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x23ce45:$a: NanoCore
- 0x23ce55:$a: NanoCore
- 0x23d089:$a: NanoCore
- 0x23d09d:$a: NanoCore
- 0x23d0dd:$a: NanoCore
- 0x26f865:$a: NanoCore
- 0x26f875:$a: NanoCore
- 0x26faa9:$a: NanoCore
- 0x26fabd:$a: NanoCore
- 0x26fafd:$a: NanoCore
- 0x23cea4:$b: ClientPlugin
- 0x23d0a6:$b: ClientPlugin
- 0x23d0e6:$b: ClientPlugin
- 0x26f8c4:$b: ClientPlugin
- 0x26fac6:$b: ClientPlugin
- 0x26fb06:$b: ClientPlugin
- 0x23cfcb:$c: ProjectData
- 0x26f9eb:$c: ProjectData
- 0x23d9d2:$d: DESCrypto
- 0x2703f2:$d: DESCrypto
- 0x24539e:$e: KeepAlive
|
00000009.00000002.2377595847.0000000002181000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
00000017.00000002.2321076230.00000000024F1000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
00000017.00000002.2321076230.00000000024F1000.00000004.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x24be3:$a: NanoCore
- 0x24c3c:$a: NanoCore
- 0x24c79:$a: NanoCore
- 0x24cf2:$a: NanoCore
- 0x24c45:$b: ClientPlugin
- 0x24c82:$b: ClientPlugin
- 0x25580:$b: ClientPlugin
- 0x2558d:$b: ClientPlugin
- 0x1ad6f:$e: KeepAlive
- 0x250cd:$g: LogClientMessage
- 0x2504d:$i: get_Connected
- 0x15019:$j: #=q
- 0x15049:$j: #=q
- 0x15085:$j: #=q
- 0x150ad:$j: #=q
- 0x150dd:$j: #=q
- 0x1510d:$j: #=q
- 0x1513d:$j: #=q
- 0x1516d:$j: #=q
- 0x15189:$j: #=q
- 0x151b9:$j: #=q
|
00000011.00000002.2307722949.0000000003679000.00000004.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x23d0dd:$x1: NanoCore.ClientPluginHost
- 0x26fafd:$x1: NanoCore.ClientPluginHost
- 0x23d11a:$x2: IClientNetworkHost
- 0x26fb3a:$x2: IClientNetworkHost
- 0x240c4d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0x27366d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
00000011.00000002.2307722949.0000000003679000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
00000011.00000002.2307722949.0000000003679000.00000004.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x23ce45:$a: NanoCore
- 0x23ce55:$a: NanoCore
- 0x23d089:$a: NanoCore
- 0x23d09d:$a: NanoCore
- 0x23d0dd:$a: NanoCore
- 0x26f865:$a: NanoCore
- 0x26f875:$a: NanoCore
- 0x26faa9:$a: NanoCore
- 0x26fabd:$a: NanoCore
- 0x26fafd:$a: NanoCore
- 0x23cea4:$b: ClientPlugin
- 0x23d0a6:$b: ClientPlugin
- 0x23d0e6:$b: ClientPlugin
- 0x26f8c4:$b: ClientPlugin
- 0x26fac6:$b: ClientPlugin
- 0x26fb06:$b: ClientPlugin
- 0x23cfcb:$c: ProjectData
- 0x26f9eb:$c: ProjectData
- 0x23d9d2:$d: DESCrypto
- 0x2703f2:$d: DESCrypto
- 0x24539e:$e: KeepAlive
|
00000015.00000002.2321066951.00000000034F9000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
00000015.00000002.2321066951.00000000034F9000.00000004.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x43185:$a: NanoCore
- 0x431de:$a: NanoCore
- 0x4321b:$a: NanoCore
- 0x43294:$a: NanoCore
- 0x5693f:$a: NanoCore
- 0x56954:$a: NanoCore
- 0x56989:$a: NanoCore
- 0x6f93b:$a: NanoCore
- 0x6f950:$a: NanoCore
- 0x6f985:$a: NanoCore
- 0x431e7:$b: ClientPlugin
- 0x43224:$b: ClientPlugin
- 0x43b22:$b: ClientPlugin
- 0x43b2f:$b: ClientPlugin
- 0x566fb:$b: ClientPlugin
- 0x56716:$b: ClientPlugin
- 0x56746:$b: ClientPlugin
- 0x5695d:$b: ClientPlugin
- 0x56992:$b: ClientPlugin
- 0x6f6f7:$b: ClientPlugin
- 0x6f712:$b: ClientPlugin
|
00000009.00000002.2377447258.0000000001F60000.00000004.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xf7ad:$x1: NanoCore.ClientPluginHost
- 0xf7da:$x2: IClientNetworkHost
|
00000009.00000002.2377447258.0000000001F60000.00000004.00000001.sdmp | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xf7ad:$x2: NanoCore.ClientPluginHost
- 0x10888:$s4: PipeCreated
- 0xf7c7:$s5: IClientLoggingHost
|
00000009.00000002.2377447258.0000000001F60000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
00000017.00000002.2321277835.00000000034F9000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
00000017.00000002.2321277835.00000000034F9000.00000004.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x43185:$a: NanoCore
- 0x431de:$a: NanoCore
- 0x4321b:$a: NanoCore
- 0x43294:$a: NanoCore
- 0x5693f:$a: NanoCore
- 0x56954:$a: NanoCore
- 0x56989:$a: NanoCore
- 0x6f93b:$a: NanoCore
- 0x6f950:$a: NanoCore
- 0x6f985:$a: NanoCore
- 0x431e7:$b: ClientPlugin
- 0x43224:$b: ClientPlugin
- 0x43b22:$b: ClientPlugin
- 0x43b2f:$b: ClientPlugin
- 0x566fb:$b: ClientPlugin
- 0x56716:$b: ClientPlugin
- 0x56746:$b: ClientPlugin
- 0x5695d:$b: ClientPlugin
- 0x56992:$b: ClientPlugin
- 0x6f6f7:$b: ClientPlugin
- 0x6f712:$b: ClientPlugin
|
00000009.00000002.2378417064.00000000031C9000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
00000009.00000002.2378417064.00000000031C9000.00000004.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x3185:$a: NanoCore
- 0x31de:$a: NanoCore
- 0x321b:$a: NanoCore
- 0x3294:$a: NanoCore
- 0x1693f:$a: NanoCore
- 0x16954:$a: NanoCore
- 0x16989:$a: NanoCore
- 0x2f93b:$a: NanoCore
- 0x2f950:$a: NanoCore
- 0x2f985:$a: NanoCore
- 0x31e7:$b: ClientPlugin
- 0x3224:$b: ClientPlugin
- 0x3b22:$b: ClientPlugin
- 0x3b2f:$b: ClientPlugin
- 0x166fb:$b: ClientPlugin
- 0x16716:$b: ClientPlugin
- 0x16746:$b: ClientPlugin
- 0x1695d:$b: ClientPlugin
- 0x16992:$b: ClientPlugin
- 0x2f6f7:$b: ClientPlugin
- 0x2f712:$b: ClientPlugin
|
00000009.00000002.2377365458.0000000001E70000.00000004.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
|
00000009.00000002.2377365458.0000000001E70000.00000004.00000001.sdmp | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
|
00000012.00000002.2329341948.00000000034F9000.00000004.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xb00bd:$x1: NanoCore.ClientPluginHost
- 0xe2add:$x1: NanoCore.ClientPluginHost
- 0xb00fa:$x2: IClientNetworkHost
- 0xe2b1a:$x2: IClientNetworkHost
- 0xb3c2d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0xe664d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
00000012.00000002.2329341948.00000000034F9000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
00000012.00000002.2329341948.00000000034F9000.00000004.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xafe25:$a: NanoCore
- 0xafe35:$a: NanoCore
- 0xb0069:$a: NanoCore
- 0xb007d:$a: NanoCore
- 0xb00bd:$a: NanoCore
- 0xe2845:$a: NanoCore
- 0xe2855:$a: NanoCore
- 0xe2a89:$a: NanoCore
- 0xe2a9d:$a: NanoCore
- 0xe2add:$a: NanoCore
- 0xafe84:$b: ClientPlugin
- 0xb0086:$b: ClientPlugin
- 0xb00c6:$b: ClientPlugin
- 0xe28a4:$b: ClientPlugin
- 0xe2aa6:$b: ClientPlugin
- 0xe2ae6:$b: ClientPlugin
- 0xaffab:$c: ProjectData
- 0xe29cb:$c: ProjectData
- 0xb09b2:$d: DESCrypto
- 0xe33d2:$d: DESCrypto
- 0xb837e:$e: KeepAlive
|
00000015.00000002.2319296048.0000000000402000.00000040.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xff8d:$x1: NanoCore.ClientPluginHost
- 0xffca:$x2: IClientNetworkHost
- 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
00000015.00000002.2319296048.0000000000402000.00000040.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
00000015.00000002.2319296048.0000000000402000.00000040.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfcf5:$a: NanoCore
- 0xfd05:$a: NanoCore
- 0xff39:$a: NanoCore
- 0xff4d:$a: NanoCore
- 0xff8d:$a: NanoCore
- 0xfd54:$b: ClientPlugin
- 0xff56:$b: ClientPlugin
- 0xff96:$b: ClientPlugin
- 0xfe7b:$c: ProjectData
- 0x10882:$d: DESCrypto
- 0x1824e:$e: KeepAlive
- 0x1623c:$g: LogClientMessage
- 0x12437:$i: get_Connected
- 0x10bb8:$j: #=q
- 0x10be8:$j: #=q
- 0x10c04:$j: #=q
- 0x10c34:$j: #=q
- 0x10c50:$j: #=q
- 0x10c6c:$j: #=q
- 0x10c9c:$j: #=q
- 0x10cb8:$j: #=q
|
00000018.00000002.2359615621.00000000024F1000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
00000018.00000002.2359615621.00000000024F1000.00000004.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x24be3:$a: NanoCore
- 0x24c3c:$a: NanoCore
- 0x24c79:$a: NanoCore
- 0x24cf2:$a: NanoCore
- 0x24c45:$b: ClientPlugin
- 0x24c82:$b: ClientPlugin
- 0x25580:$b: ClientPlugin
- 0x2558d:$b: ClientPlugin
- 0x1ad6f:$e: KeepAlive
- 0x250cd:$g: LogClientMessage
- 0x2504d:$i: get_Connected
- 0x15019:$j: #=q
- 0x15049:$j: #=q
- 0x15085:$j: #=q
- 0x150ad:$j: #=q
- 0x150dd:$j: #=q
- 0x1510d:$j: #=q
- 0x1513d:$j: #=q
- 0x1516d:$j: #=q
- 0x15189:$j: #=q
- 0x151b9:$j: #=q
|
00000013.00000002.2330228588.0000000003679000.00000004.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x23d0dd:$x1: NanoCore.ClientPluginHost
- 0x26fafd:$x1: NanoCore.ClientPluginHost
- 0x23d11a:$x2: IClientNetworkHost
- 0x26fb3a:$x2: IClientNetworkHost
- 0x240c4d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0x27366d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
00000013.00000002.2330228588.0000000003679000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
00000013.00000002.2330228588.0000000003679000.00000004.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x23ce45:$a: NanoCore
- 0x23ce55:$a: NanoCore
- 0x23d089:$a: NanoCore
- 0x23d09d:$a: NanoCore
- 0x23d0dd:$a: NanoCore
- 0x26f865:$a: NanoCore
- 0x26f875:$a: NanoCore
- 0x26faa9:$a: NanoCore
- 0x26fabd:$a: NanoCore
- 0x26fafd:$a: NanoCore
- 0x23cea4:$b: ClientPlugin
- 0x23d0a6:$b: ClientPlugin
- 0x23d0e6:$b: ClientPlugin
- 0x26f8c4:$b: ClientPlugin
- 0x26fac6:$b: ClientPlugin
- 0x26fb06:$b: ClientPlugin
- 0x23cfcb:$c: ProjectData
- 0x26f9eb:$c: ProjectData
- 0x23d9d2:$d: DESCrypto
- 0x2703f2:$d: DESCrypto
- 0x24539e:$e: KeepAlive
|
00000004.00000002.2190777243.00000000031F9000.00000004.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1065d:$x1: NanoCore.ClientPluginHost
- 0x4307d:$x1: NanoCore.ClientPluginHost
- 0x23d0dd:$x1: NanoCore.ClientPluginHost
- 0x1069a:$x2: IClientNetworkHost
- 0x430ba:$x2: IClientNetworkHost
- 0x23d11a:$x2: IClientNetworkHost
- 0x141cd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0x46bed:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0x240c4d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
00000004.00000002.2190777243.00000000031F9000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
00000004.00000002.2190777243.00000000031F9000.00000004.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x103c5:$a: NanoCore
- 0x103d5:$a: NanoCore
- 0x10609:$a: NanoCore
- 0x1061d:$a: NanoCore
- 0x1065d:$a: NanoCore
- 0x42de5:$a: NanoCore
- 0x42df5:$a: NanoCore
- 0x43029:$a: NanoCore
- 0x4303d:$a: NanoCore
- 0x4307d:$a: NanoCore
- 0x23ce45:$a: NanoCore
- 0x23ce55:$a: NanoCore
- 0x23d089:$a: NanoCore
- 0x23d09d:$a: NanoCore
- 0x23d0dd:$a: NanoCore
- 0x10424:$b: ClientPlugin
- 0x10626:$b: ClientPlugin
- 0x10666:$b: ClientPlugin
- 0x42e44:$b: ClientPlugin
- 0x43046:$b: ClientPlugin
- 0x43086:$b: ClientPlugin
|
00000017.00000002.2318434814.0000000000402000.00000040.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xff8d:$x1: NanoCore.ClientPluginHost
- 0xffca:$x2: IClientNetworkHost
- 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
00000017.00000002.2318434814.0000000000402000.00000040.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
00000017.00000002.2318434814.0000000000402000.00000040.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfcf5:$a: NanoCore
- 0xfd05:$a: NanoCore
- 0xff39:$a: NanoCore
- 0xff4d:$a: NanoCore
- 0xff8d:$a: NanoCore
- 0xfd54:$b: ClientPlugin
- 0xff56:$b: ClientPlugin
- 0xff96:$b: ClientPlugin
- 0xfe7b:$c: ProjectData
- 0x10882:$d: DESCrypto
- 0x1824e:$e: KeepAlive
- 0x1623c:$g: LogClientMessage
- 0x12437:$i: get_Connected
- 0x10bb8:$j: #=q
- 0x10be8:$j: #=q
- 0x10c04:$j: #=q
- 0x10c34:$j: #=q
- 0x10c50:$j: #=q
- 0x10c6c:$j: #=q
- 0x10c9c:$j: #=q
- 0x10cb8:$j: #=q
|
00000009.00000002.2376844141.0000000000402000.00000040.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xff8d:$x1: NanoCore.ClientPluginHost
- 0xffca:$x2: IClientNetworkHost
- 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
00000009.00000002.2376844141.0000000000402000.00000040.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
00000009.00000002.2376844141.0000000000402000.00000040.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfcf5:$a: NanoCore
- 0xfd05:$a: NanoCore
- 0xff39:$a: NanoCore
- 0xff4d:$a: NanoCore
- 0xff8d:$a: NanoCore
- 0xfd54:$b: ClientPlugin
- 0xff56:$b: ClientPlugin
- 0xff96:$b: ClientPlugin
- 0xfe7b:$c: ProjectData
- 0x10882:$d: DESCrypto
- 0x1824e:$e: KeepAlive
- 0x1623c:$g: LogClientMessage
- 0x12437:$i: get_Connected
- 0x10bb8:$j: #=q
- 0x10be8:$j: #=q
- 0x10c04:$j: #=q
- 0x10c34:$j: #=q
- 0x10c50:$j: #=q
- 0x10c6c:$j: #=q
- 0x10c9c:$j: #=q
- 0x10cb8:$j: #=q
|
00000019.00000002.2360527590.0000000003679000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
00000019.00000002.2360527590.0000000003679000.00000004.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x43185:$a: NanoCore
- 0x431de:$a: NanoCore
- 0x4321b:$a: NanoCore
- 0x43294:$a: NanoCore
- 0x5693f:$a: NanoCore
- 0x56954:$a: NanoCore
- 0x56989:$a: NanoCore
- 0x6f93b:$a: NanoCore
- 0x6f950:$a: NanoCore
- 0x6f985:$a: NanoCore
- 0x431e7:$b: ClientPlugin
- 0x43224:$b: ClientPlugin
- 0x43b22:$b: ClientPlugin
- 0x43b2f:$b: ClientPlugin
- 0x566fb:$b: ClientPlugin
- 0x56716:$b: ClientPlugin
- 0x56746:$b: ClientPlugin
- 0x5695d:$b: ClientPlugin
- 0x56992:$b: ClientPlugin
- 0x6f6f7:$b: ClientPlugin
- 0x6f712:$b: ClientPlugin
|
00000016.00000002.2320316767.0000000003679000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
00000016.00000002.2320316767.0000000003679000.00000004.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x43185:$a: NanoCore
- 0x431de:$a: NanoCore
- 0x4321b:$a: NanoCore
- 0x43294:$a: NanoCore
- 0x5693f:$a: NanoCore
- 0x56954:$a: NanoCore
- 0x56989:$a: NanoCore
- 0x6f93b:$a: NanoCore
- 0x6f950:$a: NanoCore
- 0x6f985:$a: NanoCore
- 0x431e7:$b: ClientPlugin
- 0x43224:$b: ClientPlugin
- 0x43b22:$b: ClientPlugin
- 0x43b2f:$b: ClientPlugin
- 0x566fb:$b: ClientPlugin
- 0x56716:$b: ClientPlugin
- 0x56746:$b: ClientPlugin
- 0x5695d:$b: ClientPlugin
- 0x56992:$b: ClientPlugin
- 0x6f6f7:$b: ClientPlugin
- 0x6f712:$b: ClientPlugin
|
00000018.00000002.2359723177.00000000034F9000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
00000018.00000002.2359723177.00000000034F9000.00000004.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x43185:$a: NanoCore
- 0x431de:$a: NanoCore
- 0x4321b:$a: NanoCore
- 0x43294:$a: NanoCore
- 0x5693f:$a: NanoCore
- 0x56954:$a: NanoCore
- 0x56989:$a: NanoCore
- 0x6f93b:$a: NanoCore
- 0x6f950:$a: NanoCore
- 0x6f985:$a: NanoCore
- 0x431e7:$b: ClientPlugin
- 0x43224:$b: ClientPlugin
- 0x43b22:$b: ClientPlugin
- 0x43b2f:$b: ClientPlugin
- 0x566fb:$b: ClientPlugin
- 0x56716:$b: ClientPlugin
- 0x56746:$b: ClientPlugin
- 0x5695d:$b: ClientPlugin
- 0x56992:$b: ClientPlugin
- 0x6f6f7:$b: ClientPlugin
- 0x6f712:$b: ClientPlugin
|
00000019.00000002.2359327901.0000000000402000.00000040.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xff8d:$x1: NanoCore.ClientPluginHost
- 0xffca:$x2: IClientNetworkHost
- 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
00000019.00000002.2359327901.0000000000402000.00000040.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
00000019.00000002.2359327901.0000000000402000.00000040.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfcf5:$a: NanoCore
- 0xfd05:$a: NanoCore
- 0xff39:$a: NanoCore
- 0xff4d:$a: NanoCore
- 0xff8d:$a: NanoCore
- 0xfd54:$b: ClientPlugin
- 0xff56:$b: ClientPlugin
- 0xff96:$b: ClientPlugin
- 0xfe7b:$c: ProjectData
- 0x10882:$d: DESCrypto
- 0x1824e:$e: KeepAlive
- 0x1623c:$g: LogClientMessage
- 0x12437:$i: get_Connected
- 0x10bb8:$j: #=q
- 0x10be8:$j: #=q
- 0x10c04:$j: #=q
- 0x10c34:$j: #=q
- 0x10c50:$j: #=q
- 0x10c6c:$j: #=q
- 0x10c9c:$j: #=q
- 0x10cb8:$j: #=q
|
0000000F.00000002.2307261141.00000000034B9000.00000004.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1065d:$x1: NanoCore.ClientPluginHost
- 0x4307d:$x1: NanoCore.ClientPluginHost
- 0x23d0dd:$x1: NanoCore.ClientPluginHost
- 0x1069a:$x2: IClientNetworkHost
- 0x430ba:$x2: IClientNetworkHost
- 0x23d11a:$x2: IClientNetworkHost
- 0x141cd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0x46bed:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0x240c4d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
0000000F.00000002.2307261141.00000000034B9000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
0000000F.00000002.2307261141.00000000034B9000.00000004.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x103c5:$a: NanoCore
- 0x103d5:$a: NanoCore
- 0x10609:$a: NanoCore
- 0x1061d:$a: NanoCore
- 0x1065d:$a: NanoCore
- 0x42de5:$a: NanoCore
- 0x42df5:$a: NanoCore
- 0x43029:$a: NanoCore
- 0x4303d:$a: NanoCore
- 0x4307d:$a: NanoCore
- 0x23ce45:$a: NanoCore
- 0x23ce55:$a: NanoCore
- 0x23d089:$a: NanoCore
- 0x23d09d:$a: NanoCore
- 0x23d0dd:$a: NanoCore
- 0x10424:$b: ClientPlugin
- 0x10626:$b: ClientPlugin
- 0x10666:$b: ClientPlugin
- 0x42e44:$b: ClientPlugin
- 0x43046:$b: ClientPlugin
- 0x43086:$b: ClientPlugin
|
Process Memory Space: vbc.exe PID: 2528 | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x59a775:$x1: NanoCore.ClientPluginHost
- 0x5b91ca:$x1: NanoCore.ClientPluginHost
- 0x68c577:$x1: NanoCore.ClientPluginHost
- 0x59a7d6:$x2: IClientNetworkHost
- 0x5b922b:$x2: IClientNetworkHost
- 0x68c5d8:$x2: IClientNetworkHost
- 0x59fbdb:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0x5adb4d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0x5be630:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0x5cc5a2:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0x6919dd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0x69f94f:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
Process Memory Space: vbc.exe PID: 2528 | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
Process Memory Space: vbc.exe PID: 2528 | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
Process Memory Space: vbc.exe PID: 2528 | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x59a27a:$a: NanoCore
- 0x59a296:$a: NanoCore
- 0x59a3f1:$a: NanoCore
- 0x59a400:$a: NanoCore
- 0x59a6d9:$a: NanoCore
- 0x59a705:$a: NanoCore
- 0x59a775:$a: NanoCore
- 0x5aa1b7:$a: NanoCore
- 0x5aa1c9:$a: NanoCore
- 0x5aa205:$a: NanoCore
- 0x5b8ccf:$a: NanoCore
- 0x5b8ceb:$a: NanoCore
- 0x5b8e46:$a: NanoCore
- 0x5b8e55:$a: NanoCore
- 0x5b912e:$a: NanoCore
- 0x5b915a:$a: NanoCore
- 0x5b91ca:$a: NanoCore
- 0x5c8c0c:$a: NanoCore
- 0x5c8c1e:$a: NanoCore
- 0x5c8c5a:$a: NanoCore
- 0x68c07c:$a: NanoCore
|
Process Memory Space: vbc.exe PID: 2956 | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xf45:$x1: NanoCore.ClientPluginHost
- 0xcc1ec:$x1: NanoCore.ClientPluginHost
- 0xf759b:$x1: NanoCore.ClientPluginHost
- 0x14420c:$x1: NanoCore.ClientPluginHost
- 0x149dcb:$x1: NanoCore.ClientPluginHost
- 0x15b189:$x1: NanoCore.ClientPluginHost
- 0x168afe:$x1: NanoCore.ClientPluginHost
- 0x3eb038:$x1: NanoCore.ClientPluginHost
- 0xd9f:$x2: IClientNetworkHost
- 0xcc212:$x2: IClientNetworkHost
- 0xf75e0:$x2: IClientNetworkHost
- 0x144232:$x2: IClientNetworkHost
- 0x149e10:$x2: IClientNetworkHost
- 0x15b1ce:$x2: IClientNetworkHost
- 0x168b24:$x2: IClientNetworkHost
- 0x3eb099:$x2: IClientNetworkHost
- 0x3f049e:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0x3fe410:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
Process Memory Space: vbc.exe PID: 2956 | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
Process Memory Space: vbc.exe PID: 2956 | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x25a:$a: NanoCore
- 0x9d0:$a: NanoCore
- 0xf45:$a: NanoCore
- 0x122a:$a: NanoCore
- 0xc24b7:$a: NanoCore
- 0xc251f:$a: NanoCore
- 0xc265d:$a: NanoCore
- 0xcc0de:$a: NanoCore
- 0xcc17f:$a: NanoCore
- 0xcc1ec:$a: NanoCore
- 0xcc2ad:$a: NanoCore
- 0xcd17e:$a: NanoCore
- 0xcd1d1:$a: NanoCore
- 0xcd20a:$a: NanoCore
- 0xcd27d:$a: NanoCore
- 0xf7515:$a: NanoCore
- 0xf7542:$a: NanoCore
- 0xf759b:$a: NanoCore
- 0xfedaa:$a: NanoCore
- 0xfedbd:$a: NanoCore
- 0xfedef:$a: NanoCore
|
Process Memory Space: vbc.exe PID: 2016 | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |