Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49745 -> 185.239.242.243:2010 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49747 -> 185.239.242.243:2010 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49750 -> 185.239.242.243:2010 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49751 -> 185.239.242.243:2010 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49759 -> 185.239.242.243:2010 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49764 -> 185.239.242.243:2010 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49766 -> 185.239.242.243:2010 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49775 -> 185.239.242.243:2010 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49776 -> 185.239.242.243:2010 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49777 -> 185.239.242.243:2010 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49778 -> 185.239.242.243:2010 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49779 -> 185.239.242.243:2010 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49780 -> 185.239.242.243:2010 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49783 -> 185.239.242.243:2010 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49784 -> 185.239.242.243:2010 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49785 -> 185.239.242.243:2010 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49786 -> 185.239.242.243:2010 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49787 -> 185.239.242.243:2010 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.239.242.243 |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000003.638312128.00000000054D5000.00000004.00000001.sdmp | String found in binary or memory: http://en.wxK |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.667376898.0000000005640000.00000002.00000001.sdmp | String found in binary or memory: http://fontfabrik.com |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.661591930.0000000002511000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.667376898.0000000005640000.00000002.00000001.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0 |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000003.642649855.000000000550D000.00000004.00000001.sdmp | String found in binary or memory: http://www.ascendercorp.com/typedesigners.htmlmq |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.667376898.0000000005640000.00000002.00000001.sdmp | String found in binary or memory: http://www.carterandcone.coml |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.667376898.0000000005640000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.667376898.0000000005640000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.667376898.0000000005640000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/? |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.667376898.0000000005640000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.667376898.0000000005640000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.667376898.0000000005640000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8 |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.667376898.0000000005640000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers? |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.667376898.0000000005640000.00000002.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000003.660725626.00000000054D0000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comF |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000003.660725626.00000000054D0000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comgritaSOR |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000003.660725626.00000000054D0000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comm=OD |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.667376898.0000000005640000.00000002.00000001.sdmp | String found in binary or memory: http://www.fonts.com |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.667376898.0000000005640000.00000002.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000003.640101915.00000000054DE000.00000004.00000001.sdmp, uqoYt8EFEWQXAne.exe, 00000000.00000003.640686280.00000000054D8000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/ |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.667376898.0000000005640000.00000002.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.667376898.0000000005640000.00000002.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000003.640371685.00000000054D7000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cnL |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000003.640183149.0000000000BAD000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cnN |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000003.640183149.0000000000BAD000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cnO |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000003.640101915.00000000054DE000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cnmr_= |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000003.640371685.00000000054D7000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cnn |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.667376898.0000000005640000.00000002.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.667376898.0000000005640000.00000002.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.667376898.0000000005640000.00000002.00000001.sdmp | String found in binary or memory: http://www.goodfont.co.kr |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.667376898.0000000005640000.00000002.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/ |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000003.644430876.0000000005505000.00000004.00000001.sdmp | String found in binary or memory: http://www.monotype. |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000003.637920168.00000000054D3000.00000004.00000001.sdmp | String found in binary or memory: http://www.sajatypeworks.com |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000003.637920168.00000000054D3000.00000004.00000001.sdmp | String found in binary or memory: http://www.sajatypeworks.comZ |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000003.637920168.00000000054D3000.00000004.00000001.sdmp | String found in binary or memory: http://www.sajatypeworks.come |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.667376898.0000000005640000.00000002.00000001.sdmp | String found in binary or memory: http://www.sakkal.com |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.667376898.0000000005640000.00000002.00000001.sdmp | String found in binary or memory: http://www.sandoll.co.kr |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.667376898.0000000005640000.00000002.00000001.sdmp, uqoYt8EFEWQXAne.exe, 00000000.00000003.639384165.00000000054EB000.00000004.00000001.sdmp | String found in binary or memory: http://www.tiro.com |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.667376898.0000000005640000.00000002.00000001.sdmp | String found in binary or memory: http://www.typography.netD |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.667376898.0000000005640000.00000002.00000001.sdmp | String found in binary or memory: http://www.urwpp.deDPlease |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.667376898.0000000005640000.00000002.00000001.sdmp | String found in binary or memory: http://www.zhongyicts.com.cn |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.661591930.0000000002511000.00000004.00000001.sdmp | String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css |
Source: 00000000.00000002.662828873.0000000003794000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000000.00000002.662828873.0000000003794000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: uqoYt8EFEWQXAne.exe PID: 7160, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: Process Memory Space: uqoYt8EFEWQXAne.exe PID: 7160, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.uqoYt8EFEWQXAne.exe.37c33c0.4.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.uqoYt8EFEWQXAne.exe.37c33c0.4.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.uqoYt8EFEWQXAne.exe.37c33c0.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.uqoYt8EFEWQXAne.exe.37c33c0.4.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: uqoYt8EFEWQXAne.exe, LogIn.cs | Long String: Length: 13656 |
Source: krPtdhRIieabB.exe.0.dr, LogIn.cs | Long String: Length: 13656 |
Source: 0.2.uqoYt8EFEWQXAne.exe.150000.0.unpack, LogIn.cs | Long String: Length: 13656 |
Source: 0.0.uqoYt8EFEWQXAne.exe.150000.0.unpack, LogIn.cs | Long String: Length: 13656 |
Source: 4.0.uqoYt8EFEWQXAne.exe.700000.0.unpack, LogIn.cs | Long String: Length: 13656 |
Source: C:\Users\user\Desktop\uqoYt8EFEWQXAne.exe | Code function: 0_2_00B9C508 | 0_2_00B9C508 |
Source: C:\Users\user\Desktop\uqoYt8EFEWQXAne.exe | Code function: 0_2_00B99990 | 0_2_00B99990 |
Source: C:\Users\user\Desktop\uqoYt8EFEWQXAne.exe | Code function: 0_2_06D396F8 | 0_2_06D396F8 |
Source: C:\Users\user\Desktop\uqoYt8EFEWQXAne.exe | Code function: 0_2_06D30040 | 0_2_06D30040 |
Source: C:\Users\user\Desktop\uqoYt8EFEWQXAne.exe | Code function: 0_2_06D30D90 | 0_2_06D30D90 |
Source: C:\Users\user\Desktop\uqoYt8EFEWQXAne.exe | Code function: 0_2_06D33278 | 0_2_06D33278 |
Source: C:\Users\user\Desktop\uqoYt8EFEWQXAne.exe | Code function: 0_2_06D33269 | 0_2_06D33269 |
Source: C:\Users\user\Desktop\uqoYt8EFEWQXAne.exe | Code function: 0_2_06D3301A | 0_2_06D3301A |
Source: C:\Users\user\Desktop\uqoYt8EFEWQXAne.exe | Code function: 0_2_06D33028 | 0_2_06D33028 |
Source: uqoYt8EFEWQXAne.exe | Binary or memory string: OriginalFilename vs uqoYt8EFEWQXAne.exe |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000000.635181214.0000000000152000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameIsolatedStorageFilePermissionAttribute.exe6 vs uqoYt8EFEWQXAne.exe |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.661591930.0000000002511000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameAsyncState.dllF vs uqoYt8EFEWQXAne.exe |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.673360016.0000000008E20000.00000002.00000001.sdmp | Binary or memory string: originalfilename vs uqoYt8EFEWQXAne.exe |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.673360016.0000000008E20000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs uqoYt8EFEWQXAne.exe |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.673206890.0000000008D30000.00000002.00000001.sdmp | Binary or memory string: System.OriginalFileName vs uqoYt8EFEWQXAne.exe |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.669486065.0000000006B40000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemscorrc.dllT vs uqoYt8EFEWQXAne.exe |
Source: uqoYt8EFEWQXAne.exe, 00000000.00000002.669605854.0000000006CC0000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameLegacyPathHandling.dllN vs uqoYt8EFEWQXAne.exe |
Source: uqoYt8EFEWQXAne.exe, 00000004.00000000.659785837.0000000000702000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameIsolatedStorageFilePermissionAttribute.exe6 vs uqoYt8EFEWQXAne.exe |
Source: uqoYt8EFEWQXAne.exe | Binary or memory string: OriginalFilenameIsolatedStorageFilePermissionAttribute.exe6 vs uqoYt8EFEWQXAne.exe |
Source: 00000000.00000002.662828873.0000000003794000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000000.00000002.662828873.0000000003794000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: uqoYt8EFEWQXAne.exe PID: 7160, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: Process Memory Space: uqoYt8EFEWQXAne.exe PID: 7160, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.2.uqoYt8EFEWQXAne.exe.37c33c0.4.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.uqoYt8EFEWQXAne.exe.37c33c0.4.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.uqoYt8EFEWQXAne.exe.37c33c0.4.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.2.uqoYt8EFEWQXAne.exe.37c33c0.4.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.uqoYt8EFEWQXAne.exe.37c33c0.4.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.uqoYt8EFEWQXAne.exe.37c33c0.4.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |