Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.4 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.4 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.4 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.4 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.4 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.4 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.4 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.4 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.4 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.4 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.4 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.4 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.4 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.4 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.4 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.4 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.4 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.4 |
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29 |
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.4 |
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.4 |
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.4 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.126.31.4 |
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29 |
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29 |
Source: 00000005.00000002.505268694.00000000056C0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000005.00000002.505644430.00000000058D0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000001.00000002.242494583.0000000003EB9000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000001.00000002.242494583.0000000003EB9000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000005.00000002.504649374.00000000041E9000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000005.00000002.495341010.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000005.00000002.495341010.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000001.00000002.242708300.0000000004005000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000001.00000002.242708300.0000000004005000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: Quotation_Order.pdf.exe PID: 3632, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: Process Memory Space: Quotation_Order.pdf.exe PID: 3632, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: MSBuild.exe PID: 5016, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: Process Memory Space: MSBuild.exe PID: 5016, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.2.MSBuild.exe.41eff7c.2.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 5.2.MSBuild.exe.58d0000.8.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 5.2.MSBuild.exe.41eb146.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 5.2.MSBuild.exe.41eb146.3.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.2.MSBuild.exe.41f45a5.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 1.2.Quotation_Order.pdf.exe.3f6c678.2.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 1.2.Quotation_Order.pdf.exe.3f6c678.2.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.2.MSBuild.exe.58d4629.9.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.2.MSBuild.exe.56c0000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 5.2.MSBuild.exe.58d0000.8.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 1.2.Quotation_Order.pdf.exe.3f6c678.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 1.2.Quotation_Order.pdf.exe.3f6c678.2.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 5.2.MSBuild.exe.41eff7c.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 5.2.MSBuild.exe.31daf08.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Code function: 1_2_0156C2B0 |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Code function: 1_2_015699D8 |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Code function: 1_2_04EC4460 |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Code function: 1_2_04EC3D68 |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Code function: 1_2_04EC39F8 |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Code function: 1_2_04EC4A78 |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Code function: 1_2_04EC8A31 |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Code function: 1_2_04EC7204 |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Code function: 1_2_04EC54A7 |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Code function: 1_2_04EC54B8 |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Code function: 1_2_04EC4450 |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Code function: 1_2_04EC3D58 |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Code function: 1_2_04EC58E1 |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Code function: 1_2_04EC58F0 |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Code function: 1_2_04EC18D0 |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Code function: 1_2_04EC1889 |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Code function: 1_2_04EC3829 |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Code function: 1_2_04EC39E8 |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Code function: 1_2_04EC5AEB |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Code function: 1_2_04EC1289 |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Code function: 1_2_04EC1298 |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Code function: 1_2_04EC4A68 |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Code function: 1_2_04EC5B70 |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Code function: 1_2_04EC5B19 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 5_2_0151E471 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 5_2_0151E480 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 5_2_0151BBD4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 5_2_056B6550 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 5_2_056BC670 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 5_2_056B4A50 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 5_2_056BF428 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 5_2_056B3E30 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 5_2_056BBA58 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 5_2_056BC72E |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 5_2_056B4B08 |
Source: 00000005.00000002.505268694.00000000056C0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000005.00000002.505268694.00000000056C0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000005.00000002.505644430.00000000058D0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000005.00000002.505644430.00000000058D0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000001.00000002.242494583.0000000003EB9000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000001.00000002.242494583.0000000003EB9000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000005.00000002.504649374.00000000041E9000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000005.00000002.495341010.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000005.00000002.495341010.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000001.00000002.242708300.0000000004005000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000001.00000002.242708300.0000000004005000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: Quotation_Order.pdf.exe PID: 3632, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: Process Memory Space: Quotation_Order.pdf.exe PID: 3632, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: MSBuild.exe PID: 5016, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: Process Memory Space: MSBuild.exe PID: 5016, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 5.2.MSBuild.exe.41eff7c.2.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 5.2.MSBuild.exe.41eff7c.2.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 5.2.MSBuild.exe.58d0000.8.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 5.2.MSBuild.exe.58d0000.8.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 5.2.MSBuild.exe.41eb146.3.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 5.2.MSBuild.exe.41eb146.3.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 5.2.MSBuild.exe.41eb146.3.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 5.2.MSBuild.exe.41f45a5.4.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 5.2.MSBuild.exe.41f45a5.4.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 1.2.Quotation_Order.pdf.exe.3f6c678.2.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 1.2.Quotation_Order.pdf.exe.3f6c678.2.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 1.2.Quotation_Order.pdf.exe.3f6c678.2.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 5.2.MSBuild.exe.58d4629.9.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 5.2.MSBuild.exe.58d4629.9.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 5.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 5.2.MSBuild.exe.56c0000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 5.2.MSBuild.exe.56c0000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 5.2.MSBuild.exe.58d0000.8.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 5.2.MSBuild.exe.58d0000.8.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 1.2.Quotation_Order.pdf.exe.3f6c678.2.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 1.2.Quotation_Order.pdf.exe.3f6c678.2.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 1.2.Quotation_Order.pdf.exe.3f6c678.2.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 5.2.MSBuild.exe.41eff7c.2.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 5.2.MSBuild.exe.41eff7c.2.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 5.2.MSBuild.exe.31daf08.1.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 5.2.MSBuild.exe.31daf08.1.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: Quotation_Order.pdf.exe, 00000001.00000002.242066967.0000000002EB1000.00000004.00000001.sdmp | Binary or memory string: Select * from Clientes WHERE id=@id;; |
Source: Quotation_Order.pdf.exe, 00000001.00000002.242066967.0000000002EB1000.00000004.00000001.sdmp | Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: Quotation_Order.pdf.exe, 00000001.00000002.242066967.0000000002EB1000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType WHERE id=@id; |
Source: Quotation_Order.pdf.exe, 00000001.00000002.242066967.0000000002EB1000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo; |
Source: Quotation_Order.pdf.exe, 00000001.00000002.242066967.0000000002EB1000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade); |
Source: Quotation_Order.pdf.exe, 00000001.00000002.242066967.0000000002EB1000.00000004.00000001.sdmp | Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone); |
Source: Quotation_Order.pdf.exe, 00000001.00000002.242066967.0000000002EB1000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: Quotation_Order.pdf.exe, 00000001.00000002.242066967.0000000002EB1000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor); |
Source: Quotation_Order.pdf.exe, 00000001.00000002.242066967.0000000002EB1000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo) |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Quotation_Order.pdf.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: MSBuild.exe, 00000005.00000002.506133432.0000000006AF0000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: Quotation_Order.pdf.exe, 00000001.00000002.242066967.0000000002EB1000.00000004.00000001.sdmp | Binary or memory string: vmware |
Source: Quotation_Order.pdf.exe, 00000001.00000002.242066967.0000000002EB1000.00000004.00000001.sdmp | Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: Quotation_Order.pdf.exe, 00000001.00000002.242066967.0000000002EB1000.00000004.00000001.sdmp | Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: Quotation_Order.pdf.exe, 00000001.00000002.242066967.0000000002EB1000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath " |
Source: Quotation_Order.pdf.exe, 00000001.00000002.242066967.0000000002EB1000.00000004.00000001.sdmp | Binary or memory string: VMWARE |
Source: Quotation_Order.pdf.exe, 00000001.00000002.242066967.0000000002EB1000.00000004.00000001.sdmp | Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: MSBuild.exe, 00000005.00000002.506133432.0000000006AF0000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: MSBuild.exe, 00000005.00000002.506133432.0000000006AF0000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: Quotation_Order.pdf.exe, 00000001.00000002.242066967.0000000002EB1000.00000004.00000001.sdmp | Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: Quotation_Order.pdf.exe, 00000001.00000002.242066967.0000000002EB1000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II |
Source: Quotation_Order.pdf.exe, 00000001.00000002.242066967.0000000002EB1000.00000004.00000001.sdmp | Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 |
Source: MSBuild.exe, 00000005.00000002.506133432.0000000006AF0000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |