Play interactive tour

Edit tour

Analysis Report Invoice# 77-84993-84929.exe

Overview

General Information

Sample Name:	Invoice# 77-84993-84929.exe
Analysis ID:	339358
MD5:	3beaa725263104d4638eb877a7d0b37d
SHA1:	da267ad7c11acb864db25a561fea1e2cc3663fd0
SHA256:	eba0abe9461df84c76949df2d559f66b0379cbdbd430f8db884c55d0aa469980
Tags:	exeNanoCore
Most interesting Screenshot:

Detection

Nanocore

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected Nanocore Rat

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Sigma detected: NanoCore

Yara detected AntiVM_3

Yara detected Nanocore RAT

.NET source code contains potential unpacker

Binary contains a suspicious time stamp

Hides that the sample has been downloaded from the Internet (zone.identifier)

Initial sample is a PE file and has a suspicious name

Machine Learning detection for sample

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Contains long sleeps (>= 3 min)

Creates a DirectInput object (often for capturing keystrokes)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Yara signature match

Classification

Startup

System is w10x64

Invoice# 77-84993-84929.exe (PID: 6104 cmdline: 'C:\Users\user\Desktop\Invoice# 77-84993-84929.exe' MD5: 3BEAA725263104D4638EB877A7D0B37D)

Invoice# 77-84993-84929.exe (PID: 5732 cmdline: {path} MD5: 3BEAA725263104D4638EB877A7D0B37D)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
00000001.00000002.699728992.0000000006DE0000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1aa7d:$x1: NanoCore.ClientPluginHost 0x1aa6a:$x2: IClientNetworkHost 0x19142:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000001.00000002.699728992.0000000006DE0000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x19983:$x1: NanoCore Client.exe 0x1aa7d:$x2: NanoCore.ClientPluginHost 0x19120:$s1: PluginCommand 0x19108:$s2: FileCommand 0x1a88b:$s3: PipeExists 0x190d8:$s4: PipeCreated 0x1aa57:$s5: IClientLoggingHost
00000001.00000002.699728992.0000000006DE0000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000001.00000002.699728992.0000000006DE0000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x19536:$a: NanoCore 0x19983:$a: NanoCore 0x19e84:$a: NanoCore 0x1a974:$a: NanoCore 0x1aa7d:$a: NanoCore 0x19e8d:$b: ClientPlugin 0x1aa86:$b: ClientPlugin 0x18f48:$c: ProjectData 0x332cd:$c: ProjectData 0x1a295:$d: DESCrypto 0x1991a:$e: KeepAlive 0x1927a:$g: LogClientMessage 0x190e4:$i: get_Connected 0xfc25:$j: #=q 0xfc76:$j: #=q 0xfcba:$j: #=q 0xfdd5:$j: #=q 0xfe3a:$j: #=q 0xfe9f:$j: #=q 0xfeef:$j: #=q 0xff33:$j: #=q
00000001.00000002.699774289.0000000006E20000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1a82d:$x1: NanoCore.ClientPluginHost 0x1a81a:$x2: IClientNetworkHost 0x18ef2:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000001.00000002.699774289.0000000006E20000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x19733:$x1: NanoCore Client.exe 0x1a82d:$x2: NanoCore.ClientPluginHost 0x18ed0:$s1: PluginCommand 0x18eb8:$s2: FileCommand 0x1a63b:$s3: PipeExists 0x18e88:$s4: PipeCreated 0x1a807:$s5: IClientLoggingHost
00000001.00000002.699774289.0000000006E20000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000001.00000002.699774289.0000000006E20000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x192e6:$a: NanoCore 0x19733:$a: NanoCore 0x19c34:$a: NanoCore 0x1a724:$a: NanoCore 0x1a82d:$a: NanoCore 0x19c3d:$b: ClientPlugin 0x1a836:$b: ClientPlugin 0x18cf8:$c: ProjectData 0x1a045:$d: DESCrypto 0x196ca:$e: KeepAlive 0x1902a:$g: LogClientMessage 0x18e94:$i: get_Connected 0xf9d5:$j: #=q 0xfa26:$j: #=q 0xfa6a:$j: #=q 0xfb85:$j: #=q 0xfbea:$j: #=q 0xfc4f:$j: #=q 0xfc9f:$j: #=q 0xfce3:$j: #=q 0xfd13:$j: #=q
00000001.00000002.699685453.0000000006DA0000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1accd:$x1: NanoCore.ClientPluginHost 0x1acba:$x2: IClientNetworkHost 0x19392:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000001.00000002.699685453.0000000006DA0000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x19bd3:$x1: NanoCore Client.exe 0x1accd:$x2: NanoCore.ClientPluginHost 0x19370:$s1: PluginCommand 0x19358:$s2: FileCommand 0x1aadb:$s3: PipeExists 0x19328:$s4: PipeCreated 0x1aca7:$s5: IClientLoggingHost
00000001.00000002.699685453.0000000006DA0000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000001.00000002.699685453.0000000006DA0000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x19786:$a: NanoCore 0x19bd3:$a: NanoCore 0x1a0d4:$a: NanoCore 0x1abc4:$a: NanoCore 0x1accd:$a: NanoCore 0x1a0dd:$b: ClientPlugin 0x1acd6:$b: ClientPlugin 0x19198:$c: ProjectData 0x3351d:$c: ProjectData 0x35d3d:$c: ProjectData 0x1a4e5:$d: DESCrypto 0x19b6a:$e: KeepAlive 0x194ca:$g: LogClientMessage 0x19334:$i: get_Connected 0xfe75:$j: #=q 0xfec6:$j: #=q 0xff0a:$j: #=q 0x10025:$j: #=q 0x1008a:$j: #=q 0x100ef:$j: #=q 0x1013f:$j: #=q
00000001.00000002.699371662.0000000006C10000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1b85d:$x1: NanoCore.ClientPluginHost 0x1b84a:$x2: IClientNetworkHost 0x19f22:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000001.00000002.699371662.0000000006C10000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1a763:$x1: NanoCore Client.exe 0x1b85d:$x2: NanoCore.ClientPluginHost 0x19f00:$s1: PluginCommand 0x19ee8:$s2: FileCommand 0x1b66b:$s3: PipeExists 0x19eb8:$s4: PipeCreated 0x1b837:$s5: IClientLoggingHost
00000001.00000002.699371662.0000000006C10000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000001.00000002.699371662.0000000006C10000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x1a316:$a: NanoCore 0x1a763:$a: NanoCore 0x1ac64:$a: NanoCore 0x1b754:$a: NanoCore 0x1b85d:$a: NanoCore 0x1ac6d:$b: ClientPlugin 0x1b866:$b: ClientPlugin 0x19d28:$c: ProjectData 0x340ad:$c: ProjectData 0x368cd:$c: ProjectData 0x38d30:$c: ProjectData 0x3b1f5:$c: ProjectData 0x3db88:$c: ProjectData 0x405e9:$c: ProjectData 0x43455:$c: ProjectData 0x1b075:$d: DESCrypto 0x1a6fa:$e: KeepAlive 0x1a05a:$g: LogClientMessage 0x19ec4:$i: get_Connected 0x10a05:$j: #=q 0x10a56:$j: #=q
00000001.00000002.698742579.0000000005A61000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x2eb95:$x1: NanoCore.ClientPluginHost 0x7a165:$x1: NanoCore.ClientPluginHost 0x2eb82:$x2: IClientNetworkHost 0x7a152:$x2: IClientNetworkHost 0x2d25a:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x7882a:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000001.00000002.698742579.0000000005A61000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000001.00000002.698742579.0000000005A61000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x2d64e:$a: NanoCore 0x2da9b:$a: NanoCore 0x2df9c:$a: NanoCore 0x2ea8c:$a: NanoCore 0x2eb95:$a: NanoCore 0x78c1e:$a: NanoCore 0x7906b:$a: NanoCore 0x7956c:$a: NanoCore 0x7a05c:$a: NanoCore 0x7a165:$a: NanoCore 0x2dfa5:$b: ClientPlugin 0x2eb9e:$b: ClientPlugin 0x79575:$b: ClientPlugin 0x7a16e:$b: ClientPlugin 0xd51:$c: ProjectData 0x3bbd:$c: ProjectData 0x71f9:$c: ProjectData 0x9ef7:$c: ProjectData 0xc8b7:$c: ProjectData 0x2d060:$c: ProjectData 0x473e5:$c: ProjectData
00000001.00000002.699281215.0000000006B70000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1bcfd:$x1: NanoCore.ClientPluginHost 0x1bcea:$x2: IClientNetworkHost 0x1a3c2:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000001.00000002.699281215.0000000006B70000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1ac03:$x1: NanoCore Client.exe 0x1bcfd:$x2: NanoCore.ClientPluginHost 0x1a3a0:$s1: PluginCommand 0x1a388:$s2: FileCommand 0x1bb0b:$s3: PipeExists 0x1a358:$s4: PipeCreated 0x1bcd7:$s5: IClientLoggingHost
00000001.00000002.699281215.0000000006B70000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000001.00000002.699281215.0000000006B70000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x1a7b6:$a: NanoCore 0x1ac03:$a: NanoCore 0x1b104:$a: NanoCore 0x1bbf4:$a: NanoCore 0x1bcfd:$a: NanoCore 0x1b10d:$b: ClientPlugin 0x1bd06:$b: ClientPlugin 0x1a1c8:$c: ProjectData 0x3454d:$c: ProjectData 0x36d6d:$c: ProjectData 0x391d0:$c: ProjectData 0x3b695:$c: ProjectData 0x3e028:$c: ProjectData 0x40a89:$c: ProjectData 0x438f5:$c: ProjectData 0x46f31:$c: ProjectData 0x49c2f:$c: ProjectData 0x1b515:$d: DESCrypto 0x1ab9a:$e: KeepAlive 0x1a4fa:$g: LogClientMessage 0x1a364:$i: get_Connected
00000001.00000002.699325849.0000000006BC0000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1baad:$x1: NanoCore.ClientPluginHost 0x1ba9a:$x2: IClientNetworkHost 0x1a172:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000001.00000002.699325849.0000000006BC0000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1a9b3:$x1: NanoCore Client.exe 0x1baad:$x2: NanoCore.ClientPluginHost 0x1a150:$s1: PluginCommand 0x1a138:$s2: FileCommand 0x1b8bb:$s3: PipeExists 0x1a108:$s4: PipeCreated 0x1ba87:$s5: IClientLoggingHost
00000001.00000002.699325849.0000000006BC0000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000001.00000002.699325849.0000000006BC0000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x1a566:$a: NanoCore 0x1a9b3:$a: NanoCore 0x1aeb4:$a: NanoCore 0x1b9a4:$a: NanoCore 0x1baad:$a: NanoCore 0x1aebd:$b: ClientPlugin 0x1bab6:$b: ClientPlugin 0x19f78:$c: ProjectData 0x342fd:$c: ProjectData 0x36b1d:$c: ProjectData 0x38f80:$c: ProjectData 0x3b445:$c: ProjectData 0x3ddd8:$c: ProjectData 0x40839:$c: ProjectData 0x436a5:$c: ProjectData 0x46ce1:$c: ProjectData 0x1b2c5:$d: DESCrypto 0x1a94a:$e: KeepAlive 0x1a2aa:$g: LogClientMessage 0x1a114:$i: get_Connected 0x10c55:$j: #=q
00000001.00000002.699482814.0000000006C90000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1b60d:$x1: NanoCore.ClientPluginHost 0x1b5fa:$x2: IClientNetworkHost 0x19cd2:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000001.00000002.699482814.0000000006C90000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1a513:$x1: NanoCore Client.exe 0x1b60d:$x2: NanoCore.ClientPluginHost 0x19cb0:$s1: PluginCommand 0x19c98:$s2: FileCommand 0x1b41b:$s3: PipeExists 0x19c68:$s4: PipeCreated 0x1b5e7:$s5: IClientLoggingHost
00000001.00000002.699482814.0000000006C90000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000001.00000002.699482814.0000000006C90000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x1a0c6:$a: NanoCore 0x1a513:$a: NanoCore 0x1aa14:$a: NanoCore 0x1b504:$a: NanoCore 0x1b60d:$a: NanoCore 0x1aa1d:$b: ClientPlugin 0x1b616:$b: ClientPlugin 0x19ad8:$c: ProjectData 0x33e5d:$c: ProjectData 0x3667d:$c: ProjectData 0x38ae0:$c: ProjectData 0x3afa5:$c: ProjectData 0x3d938:$c: ProjectData 0x40399:$c: ProjectData 0x1ae25:$d: DESCrypto 0x1a4aa:$e: KeepAlive 0x19e0a:$g: LogClientMessage 0x19c74:$i: get_Connected 0x107b5:$j: #=q 0x10806:$j: #=q 0x1084a:$j: #=q
00000001.00000002.698504470.0000000005810000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1bf4d:$x1: NanoCore.ClientPluginHost 0x1bf3a:$x2: IClientNetworkHost 0x1a612:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000001.00000002.698504470.0000000005810000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1ae53:$x1: NanoCore Client.exe 0x1bf4d:$x2: NanoCore.ClientPluginHost 0x1a5f0:$s1: PluginCommand 0x1a5d8:$s2: FileCommand 0x1bd5b:$s3: PipeExists 0x1a5a8:$s4: PipeCreated 0x1bf27:$s5: IClientLoggingHost
00000001.00000002.698504470.0000000005810000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000001.00000002.698504470.0000000005810000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x1aa06:$a: NanoCore 0x1ae53:$a: NanoCore 0x1b354:$a: NanoCore 0x1be44:$a: NanoCore 0x1bf4d:$a: NanoCore 0x1b35d:$b: ClientPlugin 0x1bf56:$b: ClientPlugin 0x1a418:$c: ProjectData 0x3479d:$c: ProjectData 0x36fbd:$c: ProjectData 0x39420:$c: ProjectData 0x3b8e5:$c: ProjectData 0x3e278:$c: ProjectData 0x40cd9:$c: ProjectData 0x43b45:$c: ProjectData 0x47181:$c: ProjectData 0x49e7f:$c: ProjectData 0x4c83f:$c: ProjectData 0x1b765:$d: DESCrypto 0x1adea:$e: KeepAlive 0x1a74a:$g: LogClientMessage
00000001.00000002.699633514.0000000006D60000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1af1d:$x1: NanoCore.ClientPluginHost 0x1af0a:$x2: IClientNetworkHost 0x195e2:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000001.00000002.699633514.0000000006D60000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x19e23:$x1: NanoCore Client.exe 0x1af1d:$x2: NanoCore.ClientPluginHost 0x195c0:$s1: PluginCommand 0x195a8:$s2: FileCommand 0x1ad2b:$s3: PipeExists 0x19578:$s4: PipeCreated 0x1aef7:$s5: IClientLoggingHost
00000001.00000002.699633514.0000000006D60000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000001.00000002.699633514.0000000006D60000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x199d6:$a: NanoCore 0x19e23:$a: NanoCore 0x1a324:$a: NanoCore 0x1ae14:$a: NanoCore 0x1af1d:$a: NanoCore 0x1a32d:$b: ClientPlugin 0x1af26:$b: ClientPlugin 0x193e8:$c: ProjectData 0x3376d:$c: ProjectData 0x35f8d:$c: ProjectData 0x383f0:$c: ProjectData 0x1a735:$d: DESCrypto 0x19dba:$e: KeepAlive 0x1971a:$g: LogClientMessage 0x19584:$i: get_Connected 0x100c5:$j: #=q 0x10116:$j: #=q 0x1015a:$j: #=q 0x10275:$j: #=q 0x102da:$j: #=q 0x1033f:$j: #=q
00000001.00000002.699532840.0000000006CE0000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1b3bd:$x1: NanoCore.ClientPluginHost 0x1b3aa:$x2: IClientNetworkHost 0x19a82:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000001.00000002.699532840.0000000006CE0000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1a2c3:$x1: NanoCore Client.exe 0x1b3bd:$x2: NanoCore.ClientPluginHost 0x19a60:$s1: PluginCommand 0x19a48:$s2: FileCommand 0x1b1cb:$s3: PipeExists 0x19a18:$s4: PipeCreated 0x1b397:$s5: IClientLoggingHost
00000001.00000002.699532840.0000000006CE0000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000001.00000002.699532840.0000000006CE0000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x19e76:$a: NanoCore 0x1a2c3:$a: NanoCore 0x1a7c4:$a: NanoCore 0x1b2b4:$a: NanoCore 0x1b3bd:$a: NanoCore 0x1a7cd:$b: ClientPlugin 0x1b3c6:$b: ClientPlugin 0x19888:$c: ProjectData 0x33c0d:$c: ProjectData 0x3642d:$c: ProjectData 0x38890:$c: ProjectData 0x3ad55:$c: ProjectData 0x3d6e8:$c: ProjectData 0x1abd5:$d: DESCrypto 0x1a25a:$e: KeepAlive 0x19bba:$g: LogClientMessage 0x19a24:$i: get_Connected 0x10565:$j: #=q 0x105b6:$j: #=q 0x105fa:$j: #=q 0x10715:$j: #=q
00000001.00000002.698665135.0000000005981000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x3bfa5:$x1: NanoCore.ClientPluginHost 0x3bf92:$x2: IClientNetworkHost 0x3a66a:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000001.00000002.698665135.0000000005981000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000001.00000002.698665135.0000000005981000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x3aa5e:$a: NanoCore 0x3aeab:$a: NanoCore 0x3b3ac:$a: NanoCore 0x3be9c:$a: NanoCore 0x3bfa5:$a: NanoCore 0x3b3b5:$b: ClientPlugin 0x3bfae:$b: ClientPlugin 0x147d5:$c: ProjectData 0x16ff5:$c: ProjectData 0x19458:$c: ProjectData 0x1b91d:$c: ProjectData 0x1e2b0:$c: ProjectData 0x3a470:$c: ProjectData 0x547f5:$c: ProjectData 0x57015:$c: ProjectData 0x59478:$c: ProjectData 0x5b93d:$c: ProjectData 0x5e2d0:$c: ProjectData 0x60d31:$c: ProjectData 0x63b9d:$c: ProjectData 0x671d9:$c: ProjectData
00000001.00000002.699584706.0000000006D20000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1b16d:$x1: NanoCore.ClientPluginHost 0x1b15a:$x2: IClientNetworkHost 0x19832:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000001.00000002.699584706.0000000006D20000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1a073:$x1: NanoCore Client.exe 0x1b16d:$x2: NanoCore.ClientPluginHost 0x19810:$s1: PluginCommand 0x197f8:$s2: FileCommand 0x1af7b:$s3: PipeExists 0x197c8:$s4: PipeCreated 0x1b147:$s5: IClientLoggingHost
00000001.00000002.699584706.0000000006D20000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000001.00000002.699584706.0000000006D20000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x19c26:$a: NanoCore 0x1a073:$a: NanoCore 0x1a574:$a: NanoCore 0x1b064:$a: NanoCore 0x1b16d:$a: NanoCore 0x1a57d:$b: ClientPlugin 0x1b176:$b: ClientPlugin 0x19638:$c: ProjectData 0x339bd:$c: ProjectData 0x361dd:$c: ProjectData 0x38640:$c: ProjectData 0x3ab05:$c: ProjectData 0x1a985:$d: DESCrypto 0x1a00a:$e: KeepAlive 0x1996a:$g: LogClientMessage 0x197d4:$i: get_Connected 0x10315:$j: #=q 0x10366:$j: #=q 0x103aa:$j: #=q 0x104c5:$j: #=q 0x1052a:$j: #=q
00000001.00000002.695812658.00000000043B1000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x214da5:$x1: NanoCore.ClientPluginHost 0x25a775:$x1: NanoCore.ClientPluginHost 0x29c145:$x1: NanoCore.ClientPluginHost 0x2db515:$x1: NanoCore.ClientPluginHost 0x3178e5:$x1: NanoCore.ClientPluginHost 0x3512b5:$x1: NanoCore.ClientPluginHost 0x388a85:$x1: NanoCore.ClientPluginHost 0x3bd455:$x1: NanoCore.ClientPluginHost 0x214d92:$x2: IClientNetworkHost 0x25a762:$x2: IClientNetworkHost 0x29c132:$x2: IClientNetworkHost 0x2db502:$x2: IClientNetworkHost 0x3178d2:$x2: IClientNetworkHost 0x3512a2:$x2: IClientNetworkHost 0x388a72:$x2: IClientNetworkHost 0x3bd442:$x2: IClientNetworkHost 0x21346a:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x258e3a:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x29a80a:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x2d9bda:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x315faa:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000001.00000002.695812658.00000000043B1000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000001.00000002.695812658.00000000043B1000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x21385e:$a: NanoCore 0x213cab:$a: NanoCore 0x2141ac:$a: NanoCore 0x214c9c:$a: NanoCore 0x214da5:$a: NanoCore 0x25922e:$a: NanoCore 0x25967b:$a: NanoCore 0x259b7c:$a: NanoCore 0x25a66c:$a: NanoCore 0x25a775:$a: NanoCore 0x29abfe:$a: NanoCore 0x29b04b:$a: NanoCore 0x29b54c:$a: NanoCore 0x29c03c:$a: NanoCore 0x29c145:$a: NanoCore 0x2d9fce:$a: NanoCore 0x2da41b:$a: NanoCore 0x2da91c:$a: NanoCore 0x2db40c:$a: NanoCore 0x2db515:$a: NanoCore 0x31639e:$a: NanoCore
Process Memory Space: Invoice# 77-84993-84929.exe PID: 5732	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x774f53:$x1: NanoCore.ClientPluginHost 0x8c9bf9:$x1: NanoCore.ClientPluginHost 0x8f3ba6:$x1: NanoCore.ClientPluginHost 0x91cab6:$x1: NanoCore.ClientPluginHost 0xb0ea7f:$x1: NanoCore.ClientPluginHost 0xc37661:$x1: NanoCore.ClientPluginHost 0xc5e7bb:$x1: NanoCore.ClientPluginHost 0xc83b80:$x1: NanoCore.ClientPluginHost 0xca7dfb:$x1: NanoCore.ClientPluginHost 0xccae70:$x1: NanoCore.ClientPluginHost 0xcec723:$x1: NanoCore.ClientPluginHost 0xd0d20a:$x1: NanoCore.ClientPluginHost 0xd2c98a:$x1: NanoCore.ClientPluginHost 0xd53199:$x1: NanoCore.ClientPluginHost 0x774f34:$x2: IClientNetworkHost 0x8c9bda:$x2: IClientNetworkHost 0x8f3b87:$x2: IClientNetworkHost 0x91ca97:$x2: IClientNetworkHost 0xb0ea60:$x2: IClientNetworkHost 0xc37642:$x2: IClientNetworkHost 0xc5e79c:$x2: IClientNetworkHost
Process Memory Space: Invoice# 77-84993-84929.exe PID: 5732	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
Process Memory Space: Invoice# 77-84993-84929.exe PID: 5732	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x772b5c:$a: NanoCore 0x773261:$a: NanoCore 0x773af7:$a: NanoCore 0x774d5a:$a: NanoCore 0x774f53:$a: NanoCore 0x77e9a8:$a: NanoCore 0x77edbb:$a: NanoCore 0x77f26a:$a: NanoCore 0x77fcb7:$a: NanoCore 0x77fdac:$a: NanoCore 0x896328:$a: NanoCore 0x89638f:$a: NanoCore 0x896432:$a: NanoCore 0x8c7802:$a: NanoCore 0x8c7f07:$a: NanoCore 0x8c879d:$a: NanoCore 0x8c9a00:$a: NanoCore 0x8c9bf9:$a: NanoCore 0x8d364e:$a: NanoCore 0x8d3a61:$a: NanoCore 0x8d3f10:$a: NanoCore
Process Memory Space: Invoice# 77-84993-84929.exe PID: 6104	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Click to see the 52 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
1.2.Invoice# 77-84993-84929.exe.6c90000.6.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1980d:$x1: NanoCore.ClientPluginHost 0x197fa:$x2: IClientNetworkHost 0x17ed2:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
1.2.Invoice# 77-84993-84929.exe.6c90000.6.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x18713:$x1: NanoCore Client.exe 0x1980d:$x2: NanoCore.ClientPluginHost 0x17eb0:$s1: PluginCommand 0x17e98:$s2: FileCommand 0x1961b:$s3: PipeExists 0x17e68:$s4: PipeCreated 0x197e7:$s5: IClientLoggingHost
1.2.Invoice# 77-84993-84929.exe.6c90000.6.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
1.2.Invoice# 77-84993-84929.exe.6c90000.6.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x182c6:$a: NanoCore 0x18713:$a: NanoCore 0x18c14:$a: NanoCore 0x19704:$a: NanoCore 0x1980d:$a: NanoCore 0x18c1d:$b: ClientPlugin 0x19816:$b: ClientPlugin 0x17cd8:$c: ProjectData 0x3205d:$c: ProjectData 0x3487d:$c: ProjectData 0x36ce0:$c: ProjectData 0x391a5:$c: ProjectData 0x3bb38:$c: ProjectData 0x3e599:$c: ProjectData 0x19025:$d: DESCrypto 0x186aa:$e: KeepAlive 0x1800a:$g: LogClientMessage 0x17e74:$i: get_Connected 0xe9b5:$j: #=q 0xea06:$j: #=q 0xea4a:$j: #=q
1.2.Invoice# 77-84993-84929.exe.6da0000.10.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x18ecd:$x1: NanoCore.ClientPluginHost 0x18eba:$x2: IClientNetworkHost 0x17592:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
1.2.Invoice# 77-84993-84929.exe.6da0000.10.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x17dd3:$x1: NanoCore Client.exe 0x18ecd:$x2: NanoCore.ClientPluginHost 0x17570:$s1: PluginCommand 0x17558:$s2: FileCommand 0x18cdb:$s3: PipeExists 0x17528:$s4: PipeCreated 0x18ea7:$s5: IClientLoggingHost
1.2.Invoice# 77-84993-84929.exe.6da0000.10.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
1.2.Invoice# 77-84993-84929.exe.6da0000.10.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x17986:$a: NanoCore 0x17dd3:$a: NanoCore 0x182d4:$a: NanoCore 0x18dc4:$a: NanoCore 0x18ecd:$a: NanoCore 0x182dd:$b: ClientPlugin 0x18ed6:$b: ClientPlugin 0x17398:$c: ProjectData 0x3171d:$c: ProjectData 0x33f3d:$c: ProjectData 0x186e5:$d: DESCrypto 0x17d6a:$e: KeepAlive 0x176ca:$g: LogClientMessage 0x17534:$i: get_Connected 0xe075:$j: #=q 0xe0c6:$j: #=q 0xe10a:$j: #=q 0xe225:$j: #=q 0xe28a:$j: #=q 0xe2ef:$j: #=q 0xe33f:$j: #=q
1.2.Invoice# 77-84993-84929.exe.6da0000.10.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1accd:$x1: NanoCore.ClientPluginHost 0x1acba:$x2: IClientNetworkHost 0x19392:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
1.2.Invoice# 77-84993-84929.exe.6da0000.10.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x19bd3:$x1: NanoCore Client.exe 0x1accd:$x2: NanoCore.ClientPluginHost 0x19370:$s1: PluginCommand 0x19358:$s2: FileCommand 0x1aadb:$s3: PipeExists 0x19328:$s4: PipeCreated 0x1aca7:$s5: IClientLoggingHost
1.2.Invoice# 77-84993-84929.exe.6da0000.10.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
1.2.Invoice# 77-84993-84929.exe.6da0000.10.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x19786:$a: NanoCore 0x19bd3:$a: NanoCore 0x1a0d4:$a: NanoCore 0x1abc4:$a: NanoCore 0x1accd:$a: NanoCore 0x1a0dd:$b: ClientPlugin 0x1acd6:$b: ClientPlugin 0x19198:$c: ProjectData 0x3351d:$c: ProjectData 0x35d3d:$c: ProjectData 0x1a4e5:$d: DESCrypto 0x19b6a:$e: KeepAlive 0x194ca:$g: LogClientMessage 0x19334:$i: get_Connected 0xfe75:$j: #=q 0xfec6:$j: #=q 0xff0a:$j: #=q 0x10025:$j: #=q 0x1008a:$j: #=q 0x100ef:$j: #=q 0x1013f:$j: #=q
1.2.Invoice# 77-84993-84929.exe.6c10000.5.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1b85d:$x1: NanoCore.ClientPluginHost 0x1b84a:$x2: IClientNetworkHost 0x19f22:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
1.2.Invoice# 77-84993-84929.exe.6c10000.5.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1a763:$x1: NanoCore Client.exe 0x1b85d:$x2: NanoCore.ClientPluginHost 0x19f00:$s1: PluginCommand 0x19ee8:$s2: FileCommand 0x1b66b:$s3: PipeExists 0x19eb8:$s4: PipeCreated 0x1b837:$s5: IClientLoggingHost
1.2.Invoice# 77-84993-84929.exe.6c10000.5.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
1.2.Invoice# 77-84993-84929.exe.6c10000.5.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x1a316:$a: NanoCore 0x1a763:$a: NanoCore 0x1ac64:$a: NanoCore 0x1b754:$a: NanoCore 0x1b85d:$a: NanoCore 0x1ac6d:$b: ClientPlugin 0x1b866:$b: ClientPlugin 0x19d28:$c: ProjectData 0x340ad:$c: ProjectData 0x368cd:$c: ProjectData 0x38d30:$c: ProjectData 0x3b1f5:$c: ProjectData 0x3db88:$c: ProjectData 0x405e9:$c: ProjectData 0x43455:$c: ProjectData 0x1b075:$d: DESCrypto 0x1a6fa:$e: KeepAlive 0x1a05a:$g: LogClientMessage 0x19ec4:$i: get_Connected 0x10a05:$j: #=q 0x10a56:$j: #=q
1.2.Invoice# 77-84993-84929.exe.5810000.2.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1bf4d:$x1: NanoCore.ClientPluginHost 0x1bf3a:$x2: IClientNetworkHost 0x1a612:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
1.2.Invoice# 77-84993-84929.exe.5810000.2.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1ae53:$x1: NanoCore Client.exe 0x1bf4d:$x2: NanoCore.ClientPluginHost 0x1a5f0:$s1: PluginCommand 0x1a5d8:$s2: FileCommand 0x1bd5b:$s3: PipeExists 0x1a5a8:$s4: PipeCreated 0x1bf27:$s5: IClientLoggingHost
1.2.Invoice# 77-84993-84929.exe.5810000.2.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
1.2.Invoice# 77-84993-84929.exe.5810000.2.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x1aa06:$a: NanoCore 0x1ae53:$a: NanoCore 0x1b354:$a: NanoCore 0x1be44:$a: NanoCore 0x1bf4d:$a: NanoCore 0x1b35d:$b: ClientPlugin 0x1bf56:$b: ClientPlugin 0x1a418:$c: ProjectData 0x3479d:$c: ProjectData 0x36fbd:$c: ProjectData 0x39420:$c: ProjectData 0x3b8e5:$c: ProjectData 0x3e278:$c: ProjectData 0x40cd9:$c: ProjectData 0x43b45:$c: ProjectData 0x47181:$c: ProjectData 0x49e7f:$c: ProjectData 0x4c83f:$c: ProjectData 0x1b765:$d: DESCrypto 0x1adea:$e: KeepAlive 0x1a74a:$g: LogClientMessage
1.2.Invoice# 77-84993-84929.exe.6c90000.6.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1b60d:$x1: NanoCore.ClientPluginHost 0x1b5fa:$x2: IClientNetworkHost 0x19cd2:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
1.2.Invoice# 77-84993-84929.exe.6c90000.6.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1a513:$x1: NanoCore Client.exe 0x1b60d:$x2: NanoCore.ClientPluginHost 0x19cb0:$s1: PluginCommand 0x19c98:$s2: FileCommand 0x1b41b:$s3: PipeExists 0x19c68:$s4: PipeCreated 0x1b5e7:$s5: IClientLoggingHost
1.2.Invoice# 77-84993-84929.exe.6c90000.6.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
1.2.Invoice# 77-84993-84929.exe.6c90000.6.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x1a0c6:$a: NanoCore 0x1a513:$a: NanoCore 0x1aa14:$a: NanoCore 0x1b504:$a: NanoCore 0x1b60d:$a: NanoCore 0x1aa1d:$b: ClientPlugin 0x1b616:$b: ClientPlugin 0x19ad8:$c: ProjectData 0x33e5d:$c: ProjectData 0x3667d:$c: ProjectData 0x38ae0:$c: ProjectData 0x3afa5:$c: ProjectData 0x3d938:$c: ProjectData 0x40399:$c: ProjectData 0x1ae25:$d: DESCrypto 0x1a4aa:$e: KeepAlive 0x19e0a:$g: LogClientMessage 0x19c74:$i: get_Connected 0x107b5:$j: #=q 0x10806:$j: #=q 0x1084a:$j: #=q
1.2.Invoice# 77-84993-84929.exe.6d60000.9.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1af1d:$x1: NanoCore.ClientPluginHost 0x1af0a:$x2: IClientNetworkHost 0x195e2:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
1.2.Invoice# 77-84993-84929.exe.6d60000.9.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x19e23:$x1: NanoCore Client.exe 0x1af1d:$x2: NanoCore.ClientPluginHost 0x195c0:$s1: PluginCommand 0x195a8:$s2: FileCommand 0x1ad2b:$s3: PipeExists 0x19578:$s4: PipeCreated 0x1aef7:$s5: IClientLoggingHost
1.2.Invoice# 77-84993-84929.exe.6d60000.9.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
1.2.Invoice# 77-84993-84929.exe.6d60000.9.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x199d6:$a: NanoCore 0x19e23:$a: NanoCore 0x1a324:$a: NanoCore 0x1ae14:$a: NanoCore 0x1af1d:$a: NanoCore 0x1a32d:$b: ClientPlugin 0x1af26:$b: ClientPlugin 0x193e8:$c: ProjectData 0x3376d:$c: ProjectData 0x35f8d:$c: ProjectData 0x383f0:$c: ProjectData 0x1a735:$d: DESCrypto 0x19dba:$e: KeepAlive 0x1971a:$g: LogClientMessage 0x19584:$i: get_Connected 0x100c5:$j: #=q 0x10116:$j: #=q 0x1015a:$j: #=q 0x10275:$j: #=q 0x102da:$j: #=q 0x1033f:$j: #=q
1.2.Invoice# 77-84993-84929.exe.6de0000.11.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x18c7d:$x1: NanoCore.ClientPluginHost 0x18c6a:$x2: IClientNetworkHost 0x17342:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
1.2.Invoice# 77-84993-84929.exe.6de0000.11.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x17b83:$x1: NanoCore Client.exe 0x18c7d:$x2: NanoCore.ClientPluginHost 0x17320:$s1: PluginCommand 0x17308:$s2: FileCommand 0x18a8b:$s3: PipeExists 0x172d8:$s4: PipeCreated 0x18c57:$s5: IClientLoggingHost
1.2.Invoice# 77-84993-84929.exe.6de0000.11.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
1.2.Invoice# 77-84993-84929.exe.6de0000.11.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x17736:$a: NanoCore 0x17b83:$a: NanoCore 0x18084:$a: NanoCore 0x18b74:$a: NanoCore 0x18c7d:$a: NanoCore 0x1808d:$b: ClientPlugin 0x18c86:$b: ClientPlugin 0x17148:$c: ProjectData 0x314cd:$c: ProjectData 0x18495:$d: DESCrypto 0x17b1a:$e: KeepAlive 0x1747a:$g: LogClientMessage 0x172e4:$i: get_Connected 0xde25:$j: #=q 0xde76:$j: #=q 0xdeba:$j: #=q 0xdfd5:$j: #=q 0xe03a:$j: #=q 0xe09f:$j: #=q 0xe0ef:$j: #=q 0xe133:$j: #=q
1.2.Invoice# 77-84993-84929.exe.6d60000.9.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1911d:$x1: NanoCore.ClientPluginHost 0x1910a:$x2: IClientNetworkHost 0x177e2:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
1.2.Invoice# 77-84993-84929.exe.6d60000.9.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x18023:$x1: NanoCore Client.exe 0x1911d:$x2: NanoCore.ClientPluginHost 0x177c0:$s1: PluginCommand 0x177a8:$s2: FileCommand 0x18f2b:$s3: PipeExists 0x17778:$s4: PipeCreated 0x190f7:$s5: IClientLoggingHost
1.2.Invoice# 77-84993-84929.exe.6d60000.9.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
1.2.Invoice# 77-84993-84929.exe.6d60000.9.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x17bd6:$a: NanoCore 0x18023:$a: NanoCore 0x18524:$a: NanoCore 0x19014:$a: NanoCore 0x1911d:$a: NanoCore 0x1852d:$b: ClientPlugin 0x19126:$b: ClientPlugin 0x175e8:$c: ProjectData 0x3196d:$c: ProjectData 0x3418d:$c: ProjectData 0x365f0:$c: ProjectData 0x18935:$d: DESCrypto 0x17fba:$e: KeepAlive 0x1791a:$g: LogClientMessage 0x17784:$i: get_Connected 0xe2c5:$j: #=q 0xe316:$j: #=q 0xe35a:$j: #=q 0xe475:$j: #=q 0xe4da:$j: #=q 0xe53f:$j: #=q
1.2.Invoice# 77-84993-84929.exe.6e20000.12.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x18a2d:$x1: NanoCore.ClientPluginHost 0x18a1a:$x2: IClientNetworkHost 0x170f2:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
1.2.Invoice# 77-84993-84929.exe.6e20000.12.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x17933:$x1: NanoCore Client.exe 0x18a2d:$x2: NanoCore.ClientPluginHost 0x170d0:$s1: PluginCommand 0x170b8:$s2: FileCommand 0x1883b:$s3: PipeExists 0x17088:$s4: PipeCreated 0x18a07:$s5: IClientLoggingHost
1.2.Invoice# 77-84993-84929.exe.6e20000.12.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
1.2.Invoice# 77-84993-84929.exe.6e20000.12.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x174e6:$a: NanoCore 0x17933:$a: NanoCore 0x17e34:$a: NanoCore 0x18924:$a: NanoCore 0x18a2d:$a: NanoCore 0x17e3d:$b: ClientPlugin 0x18a36:$b: ClientPlugin 0x16ef8:$c: ProjectData 0x18245:$d: DESCrypto 0x178ca:$e: KeepAlive 0x1722a:$g: LogClientMessage 0x17094:$i: get_Connected 0xdbd5:$j: #=q 0xdc26:$j: #=q 0xdc6a:$j: #=q 0xdd85:$j: #=q 0xddea:$j: #=q 0xde4f:$j: #=q 0xde9f:$j: #=q 0xdee3:$j: #=q 0xdf13:$j: #=q
1.2.Invoice# 77-84993-84929.exe.6de0000.11.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1aa7d:$x1: NanoCore.ClientPluginHost 0x1aa6a:$x2: IClientNetworkHost 0x19142:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
1.2.Invoice# 77-84993-84929.exe.6de0000.11.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x19983:$x1: NanoCore Client.exe 0x1aa7d:$x2: NanoCore.ClientPluginHost 0x19120:$s1: PluginCommand 0x19108:$s2: FileCommand 0x1a88b:$s3: PipeExists 0x190d8:$s4: PipeCreated 0x1aa57:$s5: IClientLoggingHost
1.2.Invoice# 77-84993-84929.exe.6de0000.11.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
1.2.Invoice# 77-84993-84929.exe.6de0000.11.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x19536:$a: NanoCore 0x19983:$a: NanoCore 0x19e84:$a: NanoCore 0x1a974:$a: NanoCore 0x1aa7d:$a: NanoCore 0x19e8d:$b: ClientPlugin 0x1aa86:$b: ClientPlugin 0x18f48:$c: ProjectData 0x332cd:$c: ProjectData 0x1a295:$d: DESCrypto 0x1991a:$e: KeepAlive 0x1927a:$g: LogClientMessage 0x190e4:$i: get_Connected 0xfc25:$j: #=q 0xfc76:$j: #=q 0xfcba:$j: #=q 0xfdd5:$j: #=q 0xfe3a:$j: #=q 0xfe9f:$j: #=q 0xfeef:$j: #=q 0xff33:$j: #=q
1.2.Invoice# 77-84993-84929.exe.5810000.2.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1a14d:$x1: NanoCore.ClientPluginHost 0x1a13a:$x2: IClientNetworkHost 0x18812:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
1.2.Invoice# 77-84993-84929.exe.5810000.2.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x19053:$x1: NanoCore Client.exe 0x1a14d:$x2: NanoCore.ClientPluginHost 0x187f0:$s1: PluginCommand 0x187d8:$s2: FileCommand 0x19f5b:$s3: PipeExists 0x187a8:$s4: PipeCreated 0x1a127:$s5: IClientLoggingHost
1.2.Invoice# 77-84993-84929.exe.5810000.2.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
1.2.Invoice# 77-84993-84929.exe.5810000.2.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x18c06:$a: NanoCore 0x19053:$a: NanoCore 0x19554:$a: NanoCore 0x1a044:$a: NanoCore 0x1a14d:$a: NanoCore 0x1955d:$b: ClientPlugin 0x1a156:$b: ClientPlugin 0x18618:$c: ProjectData 0x3299d:$c: ProjectData 0x351bd:$c: ProjectData 0x37620:$c: ProjectData 0x39ae5:$c: ProjectData 0x3c478:$c: ProjectData 0x3eed9:$c: ProjectData 0x41d45:$c: ProjectData 0x45381:$c: ProjectData 0x4807f:$c: ProjectData 0x4aa3f:$c: ProjectData 0x19965:$d: DESCrypto 0x18fea:$e: KeepAlive 0x1894a:$g: LogClientMessage
1.2.Invoice# 77-84993-84929.exe.6d20000.8.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1936d:$x1: NanoCore.ClientPluginHost 0x1935a:$x2: IClientNetworkHost 0x17a32:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
1.2.Invoice# 77-84993-84929.exe.6d20000.8.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x18273:$x1: NanoCore Client.exe 0x1936d:$x2: NanoCore.ClientPluginHost 0x17a10:$s1: PluginCommand 0x179f8:$s2: FileCommand 0x1917b:$s3: PipeExists 0x179c8:$s4: PipeCreated 0x19347:$s5: IClientLoggingHost
1.2.Invoice# 77-84993-84929.exe.6d20000.8.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
1.2.Invoice# 77-84993-84929.exe.6d20000.8.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x17e26:$a: NanoCore 0x18273:$a: NanoCore 0x18774:$a: NanoCore 0x19264:$a: NanoCore 0x1936d:$a: NanoCore 0x1877d:$b: ClientPlugin 0x19376:$b: ClientPlugin 0x17838:$c: ProjectData 0x31bbd:$c: ProjectData 0x343dd:$c: ProjectData 0x36840:$c: ProjectData 0x38d05:$c: ProjectData 0x18b85:$d: DESCrypto 0x1820a:$e: KeepAlive 0x17b6a:$g: LogClientMessage 0x179d4:$i: get_Connected 0xe515:$j: #=q 0xe566:$j: #=q 0xe5aa:$j: #=q 0xe6c5:$j: #=q 0xe72a:$j: #=q
1.2.Invoice# 77-84993-84929.exe.6ce0000.7.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x195bd:$x1: NanoCore.ClientPluginHost 0x195aa:$x2: IClientNetworkHost 0x17c82:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
1.2.Invoice# 77-84993-84929.exe.6ce0000.7.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x184c3:$x1: NanoCore Client.exe 0x195bd:$x2: NanoCore.ClientPluginHost 0x17c60:$s1: PluginCommand 0x17c48:$s2: FileCommand 0x193cb:$s3: PipeExists 0x17c18:$s4: PipeCreated 0x19597:$s5: IClientLoggingHost
1.2.Invoice# 77-84993-84929.exe.6ce0000.7.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
1.2.Invoice# 77-84993-84929.exe.6ce0000.7.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x18076:$a: NanoCore 0x184c3:$a: NanoCore 0x189c4:$a: NanoCore 0x194b4:$a: NanoCore 0x195bd:$a: NanoCore 0x189cd:$b: ClientPlugin 0x195c6:$b: ClientPlugin 0x17a88:$c: ProjectData 0x31e0d:$c: ProjectData 0x3462d:$c: ProjectData 0x36a90:$c: ProjectData 0x38f55:$c: ProjectData 0x3b8e8:$c: ProjectData 0x18dd5:$d: DESCrypto 0x1845a:$e: KeepAlive 0x17dba:$g: LogClientMessage 0x17c24:$i: get_Connected 0xe765:$j: #=q 0xe7b6:$j: #=q 0xe7fa:$j: #=q 0xe915:$j: #=q
1.2.Invoice# 77-84993-84929.exe.6bc0000.4.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1baad:$x1: NanoCore.ClientPluginHost 0x1ba9a:$x2: IClientNetworkHost 0x1a172:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
1.2.Invoice# 77-84993-84929.exe.6bc0000.4.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1a9b3:$x1: NanoCore Client.exe 0x1baad:$x2: NanoCore.ClientPluginHost 0x1a150:$s1: PluginCommand 0x1a138:$s2: FileCommand 0x1b8bb:$s3: PipeExists 0x1a108:$s4: PipeCreated 0x1ba87:$s5: IClientLoggingHost
1.2.Invoice# 77-84993-84929.exe.6bc0000.4.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
1.2.Invoice# 77-84993-84929.exe.6bc0000.4.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x1a566:$a: NanoCore 0x1a9b3:$a: NanoCore 0x1aeb4:$a: NanoCore 0x1b9a4:$a: NanoCore 0x1baad:$a: NanoCore 0x1aebd:$b: ClientPlugin 0x1bab6:$b: ClientPlugin 0x19f78:$c: ProjectData 0x342fd:$c: ProjectData 0x36b1d:$c: ProjectData 0x38f80:$c: ProjectData 0x3b445:$c: ProjectData 0x3ddd8:$c: ProjectData 0x40839:$c: ProjectData 0x436a5:$c: ProjectData 0x46ce1:$c: ProjectData 0x1b2c5:$d: DESCrypto 0x1a94a:$e: KeepAlive 0x1a2aa:$g: LogClientMessage 0x1a114:$i: get_Connected 0x10c55:$j: #=q
1.2.Invoice# 77-84993-84929.exe.6b70000.3.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x19efd:$x1: NanoCore.ClientPluginHost 0x19eea:$x2: IClientNetworkHost 0x185c2:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
1.2.Invoice# 77-84993-84929.exe.6b70000.3.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x18e03:$x1: NanoCore Client.exe 0x19efd:$x2: NanoCore.ClientPluginHost 0x185a0:$s1: PluginCommand 0x18588:$s2: FileCommand 0x19d0b:$s3: PipeExists 0x18558:$s4: PipeCreated 0x19ed7:$s5: IClientLoggingHost
1.2.Invoice# 77-84993-84929.exe.6b70000.3.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
1.2.Invoice# 77-84993-84929.exe.6b70000.3.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x189b6:$a: NanoCore 0x18e03:$a: NanoCore 0x19304:$a: NanoCore 0x19df4:$a: NanoCore 0x19efd:$a: NanoCore 0x1930d:$b: ClientPlugin 0x19f06:$b: ClientPlugin 0x183c8:$c: ProjectData 0x3274d:$c: ProjectData 0x34f6d:$c: ProjectData 0x373d0:$c: ProjectData 0x39895:$c: ProjectData 0x3c228:$c: ProjectData 0x3ec89:$c: ProjectData 0x41af5:$c: ProjectData 0x45131:$c: ProjectData 0x47e2f:$c: ProjectData 0x19715:$d: DESCrypto 0x18d9a:$e: KeepAlive 0x186fa:$g: LogClientMessage 0x18564:$i: get_Connected
1.2.Invoice# 77-84993-84929.exe.6e20000.12.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1a82d:$x1: NanoCore.ClientPluginHost 0x1a81a:$x2: IClientNetworkHost 0x18ef2:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
1.2.Invoice# 77-84993-84929.exe.6e20000.12.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x19733:$x1: NanoCore Client.exe 0x1a82d:$x2: NanoCore.ClientPluginHost 0x18ed0:$s1: PluginCommand 0x18eb8:$s2: FileCommand 0x1a63b:$s3: PipeExists 0x18e88:$s4: PipeCreated 0x1a807:$s5: IClientLoggingHost
1.2.Invoice# 77-84993-84929.exe.6e20000.12.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
1.2.Invoice# 77-84993-84929.exe.6e20000.12.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x192e6:$a: NanoCore 0x19733:$a: NanoCore 0x19c34:$a: NanoCore 0x1a724:$a: NanoCore 0x1a82d:$a: NanoCore 0x19c3d:$b: ClientPlugin 0x1a836:$b: ClientPlugin 0x18cf8:$c: ProjectData 0x1a045:$d: DESCrypto 0x196ca:$e: KeepAlive 0x1902a:$g: LogClientMessage 0x18e94:$i: get_Connected 0xf9d5:$j: #=q 0xfa26:$j: #=q 0xfa6a:$j: #=q 0xfb85:$j: #=q 0xfbea:$j: #=q 0xfc4f:$j: #=q 0xfc9f:$j: #=q 0xfce3:$j: #=q 0xfd13:$j: #=q
1.2.Invoice# 77-84993-84929.exe.6c10000.5.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x19a5d:$x1: NanoCore.ClientPluginHost 0x19a4a:$x2: IClientNetworkHost 0x18122:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
1.2.Invoice# 77-84993-84929.exe.6c10000.5.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x18963:$x1: NanoCore Client.exe 0x19a5d:$x2: NanoCore.ClientPluginHost 0x18100:$s1: PluginCommand 0x180e8:$s2: FileCommand 0x1986b:$s3: PipeExists 0x180b8:$s4: PipeCreated 0x19a37:$s5: IClientLoggingHost
1.2.Invoice# 77-84993-84929.exe.6c10000.5.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
1.2.Invoice# 77-84993-84929.exe.6c10000.5.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x18516:$a: NanoCore 0x18963:$a: NanoCore 0x18e64:$a: NanoCore 0x19954:$a: NanoCore 0x19a5d:$a: NanoCore 0x18e6d:$b: ClientPlugin 0x19a66:$b: ClientPlugin 0x17f28:$c: ProjectData 0x322ad:$c: ProjectData 0x34acd:$c: ProjectData 0x36f30:$c: ProjectData 0x393f5:$c: ProjectData 0x3bd88:$c: ProjectData 0x3e7e9:$c: ProjectData 0x41655:$c: ProjectData 0x19275:$d: DESCrypto 0x188fa:$e: KeepAlive 0x1825a:$g: LogClientMessage 0x180c4:$i: get_Connected 0xec05:$j: #=q 0xec56:$j: #=q
1.2.Invoice# 77-84993-84929.exe.6bc0000.4.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x19cad:$x1: NanoCore.ClientPluginHost 0x19c9a:$x2: IClientNetworkHost 0x18372:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
1.2.Invoice# 77-84993-84929.exe.6bc0000.4.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x18bb3:$x1: NanoCore Client.exe 0x19cad:$x2: NanoCore.ClientPluginHost 0x18350:$s1: PluginCommand 0x18338:$s2: FileCommand 0x19abb:$s3: PipeExists 0x18308:$s4: PipeCreated 0x19c87:$s5: IClientLoggingHost
1.2.Invoice# 77-84993-84929.exe.6bc0000.4.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
1.2.Invoice# 77-84993-84929.exe.6bc0000.4.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x18766:$a: NanoCore 0x18bb3:$a: NanoCore 0x190b4:$a: NanoCore 0x19ba4:$a: NanoCore 0x19cad:$a: NanoCore 0x190bd:$b: ClientPlugin 0x19cb6:$b: ClientPlugin 0x18178:$c: ProjectData 0x324fd:$c: ProjectData 0x34d1d:$c: ProjectData 0x37180:$c: ProjectData 0x39645:$c: ProjectData 0x3bfd8:$c: ProjectData 0x3ea39:$c: ProjectData 0x418a5:$c: ProjectData 0x44ee1:$c: ProjectData 0x194c5:$d: DESCrypto 0x18b4a:$e: KeepAlive 0x184aa:$g: LogClientMessage 0x18314:$i: get_Connected 0xee55:$j: #=q
1.2.Invoice# 77-84993-84929.exe.6d20000.8.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1b16d:$x1: NanoCore.ClientPluginHost 0x1b15a:$x2: IClientNetworkHost 0x19832:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
1.2.Invoice# 77-84993-84929.exe.6d20000.8.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1a073:$x1: NanoCore Client.exe 0x1b16d:$x2: NanoCore.ClientPluginHost 0x19810:$s1: PluginCommand 0x197f8:$s2: FileCommand 0x1af7b:$s3: PipeExists 0x197c8:$s4: PipeCreated 0x1b147:$s5: IClientLoggingHost
1.2.Invoice# 77-84993-84929.exe.6d20000.8.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
1.2.Invoice# 77-84993-84929.exe.6d20000.8.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x19c26:$a: NanoCore 0x1a073:$a: NanoCore 0x1a574:$a: NanoCore 0x1b064:$a: NanoCore 0x1b16d:$a: NanoCore 0x1a57d:$b: ClientPlugin 0x1b176:$b: ClientPlugin 0x19638:$c: ProjectData 0x339bd:$c: ProjectData 0x361dd:$c: ProjectData 0x38640:$c: ProjectData 0x3ab05:$c: ProjectData 0x1a985:$d: DESCrypto 0x1a00a:$e: KeepAlive 0x1996a:$g: LogClientMessage 0x197d4:$i: get_Connected 0x10315:$j: #=q 0x10366:$j: #=q 0x103aa:$j: #=q 0x104c5:$j: #=q 0x1052a:$j: #=q
1.2.Invoice# 77-84993-84929.exe.6ce0000.7.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1b3bd:$x1: NanoCore.ClientPluginHost 0x1b3aa:$x2: IClientNetworkHost 0x19a82:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
1.2.Invoice# 77-84993-84929.exe.6ce0000.7.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1a2c3:$x1: NanoCore Client.exe 0x1b3bd:$x2: NanoCore.ClientPluginHost 0x19a60:$s1: PluginCommand 0x19a48:$s2: FileCommand 0x1b1cb:$s3: PipeExists 0x19a18:$s4: PipeCreated 0x1b397:$s5: IClientLoggingHost
1.2.Invoice# 77-84993-84929.exe.6ce0000.7.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
1.2.Invoice# 77-84993-84929.exe.6ce0000.7.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x19e76:$a: NanoCore 0x1a2c3:$a: NanoCore 0x1a7c4:$a: NanoCore 0x1b2b4:$a: NanoCore 0x1b3bd:$a: NanoCore 0x1a7cd:$b: ClientPlugin 0x1b3c6:$b: ClientPlugin 0x19888:$c: ProjectData 0x33c0d:$c: ProjectData 0x3642d:$c: ProjectData 0x38890:$c: ProjectData 0x3ad55:$c: ProjectData 0x3d6e8:$c: ProjectData 0x1abd5:$d: DESCrypto 0x1a25a:$e: KeepAlive 0x19bba:$g: LogClientMessage 0x19a24:$i: get_Connected 0x10565:$j: #=q 0x105b6:$j: #=q 0x105fa:$j: #=q 0x10715:$j: #=q
1.2.Invoice# 77-84993-84929.exe.6b70000.3.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1bcfd:$x1: NanoCore.ClientPluginHost 0x1bcea:$x2: IClientNetworkHost 0x1a3c2:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
1.2.Invoice# 77-84993-84929.exe.6b70000.3.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1ac03:$x1: NanoCore Client.exe 0x1bcfd:$x2: NanoCore.ClientPluginHost 0x1a3a0:$s1: PluginCommand 0x1a388:$s2: FileCommand 0x1bb0b:$s3: PipeExists 0x1a358:$s4: PipeCreated 0x1bcd7:$s5: IClientLoggingHost
1.2.Invoice# 77-84993-84929.exe.6b70000.3.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
1.2.Invoice# 77-84993-84929.exe.6b70000.3.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x1a7b6:$a: NanoCore 0x1ac03:$a: NanoCore 0x1b104:$a: NanoCore 0x1bbf4:$a: NanoCore 0x1bcfd:$a: NanoCore 0x1b10d:$b: ClientPlugin 0x1bd06:$b: ClientPlugin 0x1a1c8:$c: ProjectData 0x3454d:$c: ProjectData 0x36d6d:$c: ProjectData 0x391d0:$c: ProjectData 0x3b695:$c: ProjectData 0x3e028:$c: ProjectData 0x40a89:$c: ProjectData 0x438f5:$c: ProjectData 0x46f31:$c: ProjectData 0x49c2f:$c: ProjectData 0x1b515:$d: DESCrypto 0x1ab9a:$e: KeepAlive 0x1a4fa:$g: LogClientMessage 0x1a364:$i: get_Connected
Click to see the 83 entries

Sigma Overview

System Summary:

Sigma detected: NanoCore

Show sources

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\Invoice# 77-84993-84929.exe, ProcessId: 5732, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: Invoice# 77-84993-84929.exe

ReversingLabs: Detection: 28%

Yara detected Nanocore RAT

Show sources

Source: Yara match	File source: 00000001.00000002.699728992.0000000006DE0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.699774289.0000000006E20000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.699685453.0000000006DA0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.699371662.0000000006C10000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.698742579.0000000005A61000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.699281215.0000000006B70000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.699325849.0000000006BC0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.699482814.0000000006C90000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.698504470.0000000005810000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.699633514.0000000006D60000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.699532840.0000000006CE0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.698665135.0000000005981000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.699584706.0000000006D20000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.695812658.00000000043B1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Invoice# 77-84993-84929.exe PID: 5732, type: MEMORY
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6c90000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6da0000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6da0000.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6c10000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.5810000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6c90000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6d60000.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6de0000.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6d60000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6e20000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6de0000.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.5810000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6d20000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6ce0000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6bc0000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6b70000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6e20000.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6c10000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6bc0000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6d20000.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6ce0000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6b70000.3.raw.unpack, type: UNPACKEDPE

Machine Learning detection for sample

Show sources

Source: Invoice# 77-84993-84929.exe

Joe Sandbox ML: detected

Source: Invoice# 77-84993-84929.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: Invoice# 77-84993-84929.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source: C:\Users\user\Desktop\Invoice# 77-84993-84929.exe

Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h

0_2_05849690

Source: Invoice# 77-84993-84929.exe, 00000000.00000002.399118004.0000000005104000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: Invoice# 77-84993-84929.exe, 00000000.00000002.399118004.0000000005104000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: Invoice# 77-84993-84929.exe, 00000000.00000002.399118004.0000000005104000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: Invoice# 77-84993-84929.exe, 00000000.00000002.399118004.0000000005104000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: Invoice# 77-84993-84929.exe, 00000000.00000002.399118004.0000000005104000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: Invoice# 77-84993-84929.exe, 00000000.00000002.399118004.0000000005104000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: Invoice# 77-84993-84929.exe, 00000000.00000002.399118004.0000000005104000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: Invoice# 77-84993-84929.exe, 00000000.00000002.399118004.0000000005104000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: Invoice# 77-84993-84929.exe, 00000000.00000002.399118004.0000000005104000.00000004.00000001.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: Invoice# 77-84993-84929.exe, 00000000.00000002.399118004.0000000005104000.00000004.00000001.sdmp	String found in binary or memory: https://www.digicert.com/CPS0

Source: Invoice# 77-84993-84929.exe, 00000000.00000002.392107723.00000000015BB000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

E-Banking Fraud:

Yara detected Nanocore RAT

Show sources

Source: Yara match	File source: 00000001.00000002.699728992.0000000006DE0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.699774289.0000000006E20000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.699685453.0000000006DA0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.699371662.0000000006C10000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.698742579.0000000005A61000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.699281215.0000000006B70000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.699325849.0000000006BC0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.699482814.0000000006C90000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.698504470.0000000005810000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.699633514.0000000006D60000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.699532840.0000000006CE0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.698665135.0000000005981000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.699584706.0000000006D20000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.695812658.00000000043B1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Invoice# 77-84993-84929.exe PID: 5732, type: MEMORY
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6c90000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6da0000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6da0000.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6c10000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.5810000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6c90000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6d60000.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6de0000.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6d60000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6e20000.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6de0000.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.5810000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6d20000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6ce0000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6bc0000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6b70000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6e20000.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6c10000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6bc0000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6d20000.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6ce0000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Invoice# 77-84993-84929.exe.6b70000.3.raw.unpack, type: UNPACKEDPE

System Summary:

Malicious sample detected (through community Yara rule)

Show sources

Source: 00000001.00000002.699728992.0000000006DE0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.699728992.0000000006DE0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000001.00000002.699774289.0000000006E20000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.699774289.0000000006E20000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000001.00000002.699685453.0000000006DA0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.699685453.0000000006DA0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000001.00000002.699371662.0000000006C10000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.699371662.0000000006C10000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000001.00000002.698742579.0000000005A61000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.698742579.0000000005A61000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000001.00000002.699281215.0000000006B70000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.699281215.0000000006B70000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000001.00000002.699325849.0000000006BC0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.699325849.0000000006BC0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000001.00000002.699482814.0000000006C90000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.699482814.0000000006C90000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000001.00000002.698504470.0000000005810000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.698504470.0000000005810000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000001.00000002.699633514.0000000006D60000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.699633514.0000000006D60000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000001.00000002.699532840.0000000006CE0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.699532840.0000000006CE0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000001.00000002.698665135.0000000005981000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.698665135.0000000005981000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000001.00000002.699584706.0000000006D20000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.699584706.0000000006D20000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000001.00000002.695812658.00000000043B1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.695812658.00000000043B1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: Invoice# 77-84993-84929.exe PID: 5732, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: Process Memory Space: Invoice# 77-84993-84929.exe PID: 5732, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Invoice# 77-84993-84929.exe.6c90000.6.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Invoice# 77-84993-84929.exe.6c90000.6.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Invoice# 77-84993-84929.exe.6da0000.10.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Invoice# 77-84993-84929.exe.6da0000.10.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Invoice# 77-84993-84929.exe.6da0000.10.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Invoice# 77-84993-84929.exe.6da0000.10.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Invoice# 77-84993-84929.exe.6c10000.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Invoice# 77-84993-84929.exe.6c10000.5.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Invoice# 77-84993-84929.exe.5810000.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Invoice# 77-84993-84929.exe.5810000.2.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Invoice# 77-84993-84929.exe.6c90000.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Invoice# 77-84993-84929.exe.6c90000.6.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Invoice# 77-84993-84929.exe.6d60000.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Invoice# 77-84993-84929.exe.6d60000.9.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Invoice# 77-84993-84929.exe.6de0000.11.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Invoice# 77-84993-84929.exe.6de0000.11.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Invoice# 77-84993-84929.exe.6d60000.9.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Invoice# 77-84993-84929.exe.6d60000.9.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Invoice# 77-84993-84929.exe.6e20000.12.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Invoice# 77-84993-84929.exe.6e20000.12.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Invoice# 77-84993-84929.exe.6de0000.11.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Invoice# 77-84993-84929.exe.6de0000.11.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Invoice# 77-84993-84929.exe.5810000.2.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Invoice# 77-84993-84929.exe.5810000.2.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Invoice# 77-84993-84929.exe.6d20000.8.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Invoice# 77-84993-84929.exe.6d20000.8.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Invoice# 77-84993-84929.exe.6ce0000.7.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Invoice# 77-84993-84929.exe.6ce0000.7.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Invoice# 77-84993-84929.exe.6bc0000.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Invoice# 77-84993-84929.exe.6bc0000.4.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Invoice# 77-84993-84929.exe.6b70000.3.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Invoice# 77-84993-84929.exe.6b70000.3.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Invoice# 77-84993-84929.exe.6e20000.12.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Invoice# 77-84993-84929.exe.6e20000.12.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Invoice# 77-84993-84929.exe.6c10000.5.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Invoice# 77-84993-84929.exe.6c10000.5.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Invoice# 77-84993-84929.exe.6bc0000.4.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Invoice# 77-84993-84929.exe.6bc0000.4.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Invoice# 77-84993-84929.exe.6d20000.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Invoice# 77-84993-84929.exe.6d20000.8.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Invoice# 77-84993-84929.exe.6ce0000.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Invoice# 77-84993-84929.exe.6ce0000.7.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Invoice# 77-84993-84929.exe.6b70000.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Invoice# 77-84993-84929.exe.6b70000.3.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>

Initial sample is a PE file and has a suspicious name

Show sources

Source: initial sample

Static PE information: Filename: Invoice# 77-84993-84929.exe

Source: C:\Users\user\Desktop\Invoice# 77-84993-84929.exe	Code function: 0_2_019BCAE4	0_2_019BCAE4
Source: C:\Users\user\Desktop\Invoice# 77-84993-84929.exe	Code function: 0_2_019BEEB0	0_2_019BEEB0
Source: C:\Users\user\Desktop\Invoice# 77-84993-84929.exe	Code function: 0_2_019BEEA3	0_2_019BEEA3
Source: C:\Users\user\Desktop\Invoice# 77-84993-84929.exe	Code function: 0_2_05848848	0_2_05848848
Source: C:\Users\user\Desktop\Invoice# 77-84993-84929.exe	Code function: 0_2_05840AE0	0_2_05840AE0
Source: C:\Users\user\Desktop\Invoice# 77-84993-84929.exe	Code function: 0_2_05849690	0_2_05849690
Source: C:\Users\user\Desktop\Invoice# 77-84993-84929.exe	Code function: 0_2_0584A538	0_2_0584A538
Source: C:\Users\user\Desktop\Invoice# 77-84993-84929.exe	Code function: 0_2_0584A548	0_2_0584A548
Source: C:\Users\user\Desktop\Invoice# 77-84993-84929.exe	Code function: 0_2_0584A7E8	0_2_0584A7E8
Source: C:\Users\user\Desktop\Invoice# 77-84993-84929.exe	Code function: 0_2_0584886D	0_2_0584886D
Source: C:\Users\user\Desktop\Invoice# 77-84993-84929.exe	Code function: 0_2_05840AD3	0_2_05840AD3
Source: C:\Users\user\Desktop\Invoice# 77-84993-84929.exe	Code function: 0_2_05849680	0_2_05849680
Source: C:\Users\user\Desktop\Invoice# 77-84993-84929.exe	Code function: 1_2_019F9528	1_2_019F9528
Source: C:\Users\user\Desktop\Invoice# 77-84993-84929.exe	Code function: 1_2_019F9C90	1_2_019F9C90
Source: C:\Users\user\Desktop\Invoice# 77-84993-84929.exe	Code function: 1_2_019F3E18	1_2_019F3E18
Source: C:\Users\user\Desktop\Invoice# 77-84993-84929.exe	Code function: 1_2_01A832B0	1_2_01A832B0

Source: Invoice# 77-84993-84929.exe	Binary or memory string: OriginalFilename vs Invoice# 77-84993-84929.exe
Source: Invoice# 77-84993-84929.exe, 00000000.00000002.400929477.0000000005860000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameTypeLibImporterFlags.dll4 vs Invoice# 77-84993-84929.exe
Source: Invoice# 77-84993-84929.exe, 00000000.00000002.395473314.0000000004704000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameAssemblyReferenceEntry.exeD vs Invoice# 77-84993-84929.exe
Source: Invoice# 77-84993-84929.exe	Binary or memory string: OriginalFilename vs Invoice# 77-84993-84929.exe
Source: Invoice# 77-84993-84929.exe, 00000001.00000002.700544344.0000000007EF0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs Invoice# 77-84993-84929.exe
Source: Invoice# 77-84993-84929.exe, 00000001.00000002.699371662.0000000006C10000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenamedcad daf.exe2 vs Invoice# 77-84993-84929.exe
Source: Invoice# 77-84993-84929.exe, 00000001.00000002.699371662.0000000006C10000.00000004.00000001.sdmp	Binary or memory string: OriginalFilename>T vs Invoice# 77-84993-84929.exe
Source: Invoice# 77-84993-84929.exe, 00000001.00000002.699371662.0000000006C10000.00000004.00000001.sdmp	Binary or memory string: OriginalFilename~ vs Invoice# 77-84993-84929.exe
Source: Invoice# 77-84993-84929.exe, 00000001.00000002.699371662.0000000006C10000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenamel vs Invoice# 77-84993-84929.exe
Source: Invoice# 77-84993-84929.exe	Binary or memory string: OriginalFilenamebB.exeR vs Invoice# 77-84993-84929.exe

Source: Invoice# 77-84993-84929.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: 00000001.00000002.699728992.0000000006DE0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000001.00000002.699728992.0000000006DE0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000001.00000002.699728992.0000000006DE0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000001.00000002.699774289.0000000006E20000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000001.00000002.699774289.0000000006E20000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000001.00000002.699774289.0000000006E20000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000001.00000002.699685453.0000000006DA0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000001.00000002.699685453.0000000006DA0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000001.00000002.699685453.0000000006DA0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000001.00000002.699371662.0000000006C10000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000001.00000002.699371662.0000000006C10000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000001.00000002.699371662.0000000006C10000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000001.00000002.698742579.0000000005A61000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000001.00000002.698742579.0000000005A61000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000001.00000002.699281215.0000000006B70000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000001.00000002.699281215.0000000006B70000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000001.00000002.699281215.0000000006B70000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000001.00000002.699325849.0000000006BC0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000001.00000002.699325849.0000000006BC0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000001.00000002.699325849.0000000006BC0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000001.00000002.699482814.0000000006C90000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000001.00000002.699482814.0000000006C90000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000001.00000002.699482814.0000000006C90000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000001.00000002.698504470.0000000005810000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000001.00000002.698504470.0000000005810000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000001.00000002.698504470.0000000005810000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000001.00000002.699633514.0000000006D60000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, licen<

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report Invoice# 77-84993-84929.exe

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

System Summary:

Signature Overview

AV Detection:

Compliance:

Software Vulnerabilities:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary: