5.2.RegAsm.exe.c10000.11.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x5b99:$x1: NanoCore.ClientPluginHost
- 0x5bb3:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.c10000.11.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x5b99:$x2: NanoCore.ClientPluginHost
- 0x6bce:$s4: PipeCreated
- 0x5b86:$s5: IClientLoggingHost
|
5.2.RegAsm.exe.cb0000.12.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x170b:$x1: NanoCore.ClientPluginHost
- 0x1725:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.cb0000.12.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x170b:$x2: NanoCore.ClientPluginHost
- 0x34b6:$s4: PipeCreated
- 0x16f8:$s5: IClientLoggingHost
|
4.2.vbc.exe.3627c48.8.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
4.2.vbc.exe.3627c48.8.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
4.2.vbc.exe.3627c48.8.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.vbc.exe.3627c48.8.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
5.2.RegAsm.exe.e80000.19.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x41ee:$x1: NanoCore.ClientPluginHost
- 0x422b:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.e80000.19.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x41ee:$x2: NanoCore.ClientPluginHost
- 0x7641:$s4: PipeCreated
- 0x4218:$s5: IClientLoggingHost
|
5.2.RegAsm.exe.6c0000.7.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x605:$x1: NanoCore.ClientPluginHost
- 0x63e:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.6c0000.7.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x605:$x2: NanoCore.ClientPluginHost
- 0x720:$s4: PipeCreated
- 0x61f:$s5: IClientLoggingHost
|
5.2.RegAsm.exe.3b67402.28.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x2dbb:$x1: NanoCore.ClientPluginHost
- 0x2de5:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.3b67402.28.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2dbb:$x2: NanoCore.ClientPluginHost
- 0x4c6b:$s4: PipeCreated
|
5.2.RegAsm.exe.2a5109c.23.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x6da5:$x1: NanoCore.ClientPluginHost
- 0x6dd2:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.2a5109c.23.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x6da5:$x2: NanoCore.ClientPluginHost
- 0x7d74:$s2: FileCommand
- 0xc776:$s4: PipeCreated
- 0x6dbf:$s5: IClientLoggingHost
|
5.2.RegAsm.exe.c00000.10.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x39eb:$x1: NanoCore.ClientPluginHost
- 0x3a24:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.c00000.10.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x39eb:$x2: NanoCore.ClientPluginHost
- 0x3b36:$s4: PipeCreated
- 0x3a05:$s5: IClientLoggingHost
|
5.2.RegAsm.exe.e1e8a4.18.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x10937:$x1: NanoCore.ClientPluginHost
- 0x10951:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.e1e8a4.18.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x10937:$x2: NanoCore.ClientPluginHost
- 0x13c74:$s4: PipeCreated
- 0x10924:$s5: IClientLoggingHost
|
5.2.RegAsm.exe.a40000.8.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x13a8:$x1: NanoCore.ClientPluginHost
|
5.2.RegAsm.exe.a40000.8.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x13a8:$x2: NanoCore.ClientPluginHost
- 0x1486:$s4: PipeCreated
- 0x13c2:$s5: IClientLoggingHost
|
5.2.RegAsm.exe.5b0000.4.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x4bbb:$x1: NanoCore.ClientPluginHost
- 0x4be5:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.5b0000.4.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x4bbb:$x2: NanoCore.ClientPluginHost
- 0x6a6b:$s4: PipeCreated
|
4.2.vbc.exe.3486e00.5.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
4.2.vbc.exe.3486e00.5.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
4.2.vbc.exe.3486e00.5.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.vbc.exe.3486e00.5.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
5.2.RegAsm.exe.400000.2.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
5.2.RegAsm.exe.400000.2.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
5.2.RegAsm.exe.400000.2.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.2.RegAsm.exe.400000.2.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
5.2.RegAsm.exe.5c0000.5.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x8ba5:$x1: NanoCore.ClientPluginHost
- 0x8bd2:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.5c0000.5.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x8ba5:$x2: NanoCore.ClientPluginHost
- 0x9b74:$s2: FileCommand
- 0xe576:$s4: PipeCreated
- 0x8bbf:$s5: IClientLoggingHost
|
4.2.vbc.exe.340edc0.7.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0x32dad:$x1: NanoCore.ClientPluginHost
- 0x82dcd:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x32dea:$x2: IClientNetworkHost
- 0x82e0a:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0x3691d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
4.2.vbc.exe.340edc0.7.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0x32b25:$x1: NanoCore Client.exe
- 0x82b45:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0x32dad:$x2: NanoCore.ClientPluginHost
- 0x82dcd:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0x343e6:$s1: PluginCommand
- 0x84406:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x343da:$s2: FileCommand
- 0x843fa:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x3528b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0x3b042:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
- 0x32dd7:$s5: IClientLoggingHost
- 0x82df7:$s5: IClientLoggingHost
|
4.2.vbc.exe.340edc0.7.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.vbc.exe.340edc0.7.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0x32b15:$a: NanoCore
- 0x32b25:$a: NanoCore
- 0x32d59:$a: NanoCore
- 0x32d6d:$a: NanoCore
- 0x32dad:$a: NanoCore
- 0x82b35:$a: NanoCore
- 0x82b45:$a: NanoCore
- 0x82d79:$a: NanoCore
- 0x82d8d:$a: NanoCore
- 0x82dcd:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0x32b74:$b: ClientPlugin
- 0x32d76:$b: ClientPlugin
- 0x32db6:$b: ClientPlugin
|
4.2.vbc.exe.df0000.3.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | |
5.2.RegAsm.exe.5b0000.4.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x2dbb:$x1: NanoCore.ClientPluginHost
- 0x2de5:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.5b0000.4.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2dbb:$x2: NanoCore.ClientPluginHost
- 0x4c6b:$s4: PipeCreated
|
5.2.RegAsm.exe.5a0000.3.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.5a0000.3.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
|
5.2.RegAsm.exe.e80000.19.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x5fee:$x1: NanoCore.ClientPluginHost
- 0x602b:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.e80000.19.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x5fee:$x2: NanoCore.ClientPluginHost
- 0x9441:$s4: PipeCreated
- 0x6018:$s5: IClientLoggingHost
|
5.2.RegAsm.exe.2a44ddc.25.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x2dbb:$x1: NanoCore.ClientPluginHost
- 0x2de5:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.2a44ddc.25.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2dbb:$x2: NanoCore.ClientPluginHost
- 0x4c6b:$s4: PipeCreated
|
4.2.vbc.exe.3486e00.5.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
4.2.vbc.exe.3486e00.5.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
4.2.vbc.exe.3486e00.5.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.vbc.exe.3486e00.5.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
4.2.vbc.exe.3627c48.8.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
4.2.vbc.exe.3627c48.8.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
4.2.vbc.exe.3627c48.8.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.vbc.exe.3627c48.8.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
5.2.RegAsm.exe.e10000.17.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1d3db:$x1: NanoCore.ClientPluginHost
- 0x1d3f5:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.e10000.17.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1d3db:$x2: NanoCore.ClientPluginHost
- 0x20718:$s4: PipeCreated
- 0x1d3c8:$s5: IClientLoggingHost
|
5.2.RegAsm.exe.a50000.9.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x3deb:$x1: NanoCore.ClientPluginHost
- 0x3f48:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.a50000.9.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x3deb:$x2: NanoCore.ClientPluginHost
- 0x4d41:$s3: PipeExists
- 0x3fe1:$s4: PipeCreated
- 0x3e05:$s5: IClientLoggingHost
|
5.2.RegAsm.exe.de4629.13.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xb184:$x1: NanoCore.ClientPluginHost
- 0xb1b1:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.de4629.13.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xb184:$x2: NanoCore.ClientPluginHost
- 0xc25f:$s4: PipeCreated
- 0xb19e:$s5: IClientLoggingHost
|
5.2.RegAsm.exe.de4629.13.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.2.RegAsm.exe.de0000.14.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xd9ad:$x1: NanoCore.ClientPluginHost
- 0xd9da:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.de0000.14.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xd9ad:$x2: NanoCore.ClientPluginHost
- 0xea88:$s4: PipeCreated
- 0xd9c7:$s5: IClientLoggingHost
|
5.2.RegAsm.exe.de0000.14.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.2.RegAsm.exe.c10000.11.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x3d99:$x1: NanoCore.ClientPluginHost
- 0x3db3:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.c10000.11.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x3d99:$x2: NanoCore.ClientPluginHost
- 0x4dce:$s4: PipeCreated
- 0x3d86:$s5: IClientLoggingHost
|
5.2.RegAsm.exe.cb0000.12.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x350b:$x1: NanoCore.ClientPluginHost
- 0x3525:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.cb0000.12.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x350b:$x2: NanoCore.ClientPluginHost
- 0x52b6:$s4: PipeCreated
- 0x34f8:$s5: IClientLoggingHost
|
5.2.RegAsm.exe.3b73634.26.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x6da5:$x1: NanoCore.ClientPluginHost
- 0x6dd2:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.3b73634.26.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x6da5:$x2: NanoCore.ClientPluginHost
- 0x7d74:$s2: FileCommand
- 0xc776:$s4: PipeCreated
- 0x6dbf:$s5: IClientLoggingHost
|
4.2.vbc.exe.3436de0.6.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0x5adad:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x5adea:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0x5e91d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
4.2.vbc.exe.3436de0.6.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0x5ab25:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0x5adad:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0x5c3e6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x5c3da:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x5d28b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0x63042:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
- 0x5add7:$s5: IClientLoggingHost
|
4.2.vbc.exe.3436de0.6.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.vbc.exe.3436de0.6.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0x5ab15:$a: NanoCore
- 0x5ab25:$a: NanoCore
- 0x5ad59:$a: NanoCore
- 0x5ad6d:$a: NanoCore
- 0x5adad:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0x5ab74:$b: ClientPlugin
- 0x5ad76:$b: ClientPlugin
- 0x5adb6:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0x5ac9b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x5b6a2:$d: DESCrypto
- 0x1664e:$e: KeepAlive
|
5.2.RegAsm.exe.de0000.14.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xf7ad:$x1: NanoCore.ClientPluginHost
- 0xf7da:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.de0000.14.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xf7ad:$x2: NanoCore.ClientPluginHost
- 0x10888:$s4: PipeCreated
- 0xf7c7:$s5: IClientLoggingHost
|
5.2.RegAsm.exe.de0000.14.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.2.RegAsm.exe.5c0000.5.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x6da5:$x1: NanoCore.ClientPluginHost
- 0x6dd2:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.5c0000.5.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x6da5:$x2: NanoCore.ClientPluginHost
- 0x7d74:$s2: FileCommand
- 0xc776:$s4: PipeCreated
- 0x6dbf:$s5: IClientLoggingHost
|
5.0.RegAsm.exe.400000.4.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
5.0.RegAsm.exe.400000.4.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
5.0.RegAsm.exe.400000.4.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.0.RegAsm.exe.400000.4.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
5.2.RegAsm.exe.c00000.10.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1deb:$x1: NanoCore.ClientPluginHost
- 0x1e24:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.c00000.10.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1deb:$x2: NanoCore.ClientPluginHost
- 0x1f36:$s4: PipeCreated
- 0x1e05:$s5: IClientLoggingHost
|
4.0.vbc.exe.df0000.0.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | |
5.2.RegAsm.exe.6c0000.7.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x2205:$x1: NanoCore.ClientPluginHost
- 0x223e:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.6c0000.7.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2205:$x2: NanoCore.ClientPluginHost
- 0x2320:$s4: PipeCreated
- 0x221f:$s5: IClientLoggingHost
|
5.0.RegAsm.exe.400000.2.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
5.0.RegAsm.exe.400000.2.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
5.0.RegAsm.exe.400000.2.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.0.RegAsm.exe.400000.2.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
5.2.RegAsm.exe.660000.6.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x16e3:$x1: NanoCore.ClientPluginHost
- 0x171c:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.660000.6.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x16e3:$x2: NanoCore.ClientPluginHost
- 0x1800:$s4: PipeCreated
- 0x16fd:$s5: IClientLoggingHost
|
5.2.RegAsm.exe.a50000.9.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x59eb:$x1: NanoCore.ClientPluginHost
- 0x5b48:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.a50000.9.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x59eb:$x2: NanoCore.ClientPluginHost
- 0x6941:$s3: PipeExists
- 0x5be1:$s4: PipeCreated
- 0x5a05:$s5: IClientLoggingHost
|
5.2.RegAsm.exe.e10000.17.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1f1db:$x1: NanoCore.ClientPluginHost
- 0x1f1f5:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.e10000.17.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1f1db:$x2: NanoCore.ClientPluginHost
- 0x22518:$s4: PipeCreated
- 0x1f1c8:$s5: IClientLoggingHost
|
5.2.RegAsm.exe.e14c9f.16.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1a53c:$x1: NanoCore.ClientPluginHost
- 0x1a556:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.e14c9f.16.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1a53c:$x2: NanoCore.ClientPluginHost
- 0x1d879:$s4: PipeCreated
- 0x1a529:$s5: IClientLoggingHost
|
5.2.RegAsm.exe.2a5109c.23.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x8ba5:$x1: NanoCore.ClientPluginHost
- 0x15d53:$x1: NanoCore.ClientPluginHost
- 0x1c371:$x1: NanoCore.ClientPluginHost
- 0x22384:$x1: NanoCore.ClientPluginHost
- 0x2be2b:$x1: NanoCore.ClientPluginHost
- 0x36297:$x1: NanoCore.ClientPluginHost
- 0x413c5:$x1: NanoCore.ClientPluginHost
- 0x4d1a7:$x1: NanoCore.ClientPluginHost
- 0x58f36:$x1: NanoCore.ClientPluginHost
- 0x8bd2:$x2: IClientNetworkHost
- 0x15d8c:$x2: IClientNetworkHost
- 0x1c3aa:$x2: IClientNetworkHost
- 0x2bf88:$x2: IClientNetworkHost
- 0x362d0:$x2: IClientNetworkHost
- 0x413df:$x2: IClientNetworkHost
- 0x4d1c1:$x2: IClientNetworkHost
- 0x58f73:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.2a5109c.23.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x8ba5:$x2: NanoCore.ClientPluginHost
- 0x15d53:$x2: NanoCore.ClientPluginHost
- 0x1c371:$x2: NanoCore.ClientPluginHost
- 0x22384:$x2: NanoCore.ClientPluginHost
- 0x2be2b:$x2: NanoCore.ClientPluginHost
- 0x36297:$x2: NanoCore.ClientPluginHost
- 0x413c5:$x2: NanoCore.ClientPluginHost
- 0x4d1a7:$x2: NanoCore.ClientPluginHost
- 0x58f36:$x2: NanoCore.ClientPluginHost
- 0x9b74:$s2: FileCommand
- 0x2cd81:$s3: PipeExists
- 0xe576:$s4: PipeCreated
- 0x15e70:$s4: PipeCreated
- 0x1c48c:$s4: PipeCreated
- 0x22462:$s4: PipeCreated
- 0x2c021:$s4: PipeCreated
- 0x363e2:$s4: PipeCreated
- 0x423fa:$s4: PipeCreated
- 0x4ef52:$s4: PipeCreated
- 0x5c389:$s4: PipeCreated
- 0x8bbf:$s5: IClientLoggingHost
|
5.2.RegAsm.exe.2a5109c.23.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x8b7f:$a: NanoCore
- 0x8ba5:$a: NanoCore
- 0x8c01:$a: NanoCore
- 0x15a9b:$a: NanoCore
- 0x15af4:$a: NanoCore
- 0x15b27:$a: NanoCore
- 0x15d53:$a: NanoCore
- 0x15dcf:$a: NanoCore
- 0x163e8:$a: NanoCore
- 0x16531:$a: NanoCore
- 0x16a05:$a: NanoCore
- 0x16cec:$a: NanoCore
- 0x16d03:$a: NanoCore
- 0x1c371:$a: NanoCore
- 0x1c3eb:$a: NanoCore
- 0x22384:$a: NanoCore
- 0x223ce:$a: NanoCore
- 0x23028:$a: NanoCore
- 0x2be2b:$a: NanoCore
- 0x2bf15:$a: NanoCore
- 0x2cd8c:$a: NanoCore
|
4.2.vbc.exe.3436de0.6.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x601ad:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x601ea:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0x63d1d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
4.2.vbc.exe.3436de0.6.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.vbc.exe.3436de0.6.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0x5ff15:$a: NanoCore
- 0x5ff25:$a: NanoCore
- 0x60159:$a: NanoCore
- 0x6016d:$a: NanoCore
- 0x601ad:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x5ff74:$b: ClientPlugin
- 0x60176:$b: ClientPlugin
- 0x601b6:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x6009b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x60aa2:$d: DESCrypto
- 0x1844e:$e: KeepAlive
|
4.2.vbc.exe.340edc0.7.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x381ad:$x1: NanoCore.ClientPluginHost
- 0x881cd:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x381ea:$x2: IClientNetworkHost
- 0x8820a:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0x3bd1d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0x8bd3d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
4.2.vbc.exe.340edc0.7.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.vbc.exe.340edc0.7.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0x37f15:$a: NanoCore
- 0x37f25:$a: NanoCore
- 0x38159:$a: NanoCore
- 0x3816d:$a: NanoCore
- 0x381ad:$a: NanoCore
- 0x87f35:$a: NanoCore
- 0x87f45:$a: NanoCore
- 0x88179:$a: NanoCore
- 0x8818d:$a: NanoCore
- 0x881cd:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x37f74:$b: ClientPlugin
- 0x38176:$b: ClientPlugin
- 0x381b6:$b: ClientPlugin
|
5.2.RegAsm.exe.2a3fd90.24.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0x9c07:$x1: NanoCore.ClientPluginHost
- 0x19eb1:$x1: NanoCore.ClientPluginHost
- 0x2705f:$x1: NanoCore.ClientPluginHost
- 0x2d67d:$x1: NanoCore.ClientPluginHost
- 0x33690:$x1: NanoCore.ClientPluginHost
- 0x3d137:$x1: NanoCore.ClientPluginHost
- 0x475a3:$x1: NanoCore.ClientPluginHost
- 0x526d1:$x1: NanoCore.ClientPluginHost
- 0x5e4b3:$x1: NanoCore.ClientPluginHost
- 0x6a242:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
- 0x9c31:$x2: IClientNetworkHost
- 0x19ede:$x2: IClientNetworkHost
- 0x27098:$x2: IClientNetworkHost
- 0x2d6b6:$x2: IClientNetworkHost
- 0x3d294:$x2: IClientNetworkHost
- 0x475dc:$x2: IClientNetworkHost
- 0x526eb:$x2: IClientNetworkHost
- 0x5e4cd:$x2: IClientNetworkHost
- 0x6a27f:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.2a3fd90.24.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x9c07:$x2: NanoCore.ClientPluginHost
- 0x19eb1:$x2: NanoCore.ClientPluginHost
- 0x2705f:$x2: NanoCore.ClientPluginHost
- 0x2d67d:$x2: NanoCore.ClientPluginHost
- 0x33690:$x2: NanoCore.ClientPluginHost
- 0x3d137:$x2: NanoCore.ClientPluginHost
- 0x475a3:$x2: NanoCore.ClientPluginHost
- 0x526d1:$x2: NanoCore.ClientPluginHost
- 0x5e4b3:$x2: NanoCore.ClientPluginHost
- 0x6a242:$x2: NanoCore.ClientPluginHost
- 0x1ae80:$s2: FileCommand
- 0x1261:$s3: PipeExists
- 0x3e08d:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0xbab7:$s4: PipeCreated
- 0x1f882:$s4: PipeCreated
- 0x2717c:$s4: PipeCreated
- 0x2d798:$s4: PipeCreated
- 0x3376e:$s4: PipeCreated
- 0x3d32d:$s4: PipeCreated
|
5.2.RegAsm.exe.2a3fd90.24.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xddf:$a: NanoCore
- 0xe38:$a: NanoCore
- 0xe75:$a: NanoCore
- 0xeee:$a: NanoCore
- 0x9be2:$a: NanoCore
- 0x9c07:$a: NanoCore
- 0x9c60:$a: NanoCore
- 0x19e8b:$a: NanoCore
- 0x19eb1:$a: NanoCore
- 0x19f0d:$a: NanoCore
- 0x26da7:$a: NanoCore
- 0x26e00:$a: NanoCore
- 0x26e33:$a: NanoCore
- 0x2705f:$a: NanoCore
- 0x270db:$a: NanoCore
- 0x276f4:$a: NanoCore
- 0x2783d:$a: NanoCore
- 0x27d11:$a: NanoCore
- 0x27ff8:$a: NanoCore
- 0x2800f:$a: NanoCore
- 0x2d67d:$a: NanoCore
|
5.2.RegAsm.exe.3b73634.26.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x8ba5:$x1: NanoCore.ClientPluginHost
- 0x15d0e:$x1: NanoCore.ClientPluginHost
- 0x1c25c:$x1: NanoCore.ClientPluginHost
- 0x2222d:$x1: NanoCore.ClientPluginHost
- 0x2bc99:$x1: NanoCore.ClientPluginHost
- 0x360c4:$x1: NanoCore.ClientPluginHost
- 0x410a1:$x1: NanoCore.ClientPluginHost
- 0x4ce43:$x1: NanoCore.ClientPluginHost
- 0x6231b:$x1: NanoCore.ClientPluginHost
- 0x8a57d:$x1: NanoCore.ClientPluginHost
- 0x999bd:$x1: NanoCore.ClientPluginHost
- 0xb1859:$x1: NanoCore.ClientPluginHost
- 0xd9aa7:$x1: NanoCore.ClientPluginHost
- 0x8bd2:$x2: IClientNetworkHost
- 0x15d47:$x2: IClientNetworkHost
- 0x1c295:$x2: IClientNetworkHost
- 0x2bdf6:$x2: IClientNetworkHost
- 0x360fd:$x2: IClientNetworkHost
- 0x410bb:$x2: IClientNetworkHost
- 0x4ce5d:$x2: IClientNetworkHost
- 0x62348:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.3b73634.26.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.2.RegAsm.exe.3b73634.26.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x8b7f:$a: NanoCore
- 0x8ba5:$a: NanoCore
- 0x8c01:$a: NanoCore
- 0x15a56:$a: NanoCore
- 0x15aaf:$a: NanoCore
- 0x15ae2:$a: NanoCore
- 0x15d0e:$a: NanoCore
- 0x15d8a:$a: NanoCore
- 0x163a3:$a: NanoCore
- 0x164ec:$a: NanoCore
- 0x169c0:$a: NanoCore
- 0x16ca7:$a: NanoCore
- 0x16cbe:$a: NanoCore
- 0x1c25c:$a: NanoCore
- 0x1c2d6:$a: NanoCore
- 0x20e73:$a: NanoCore
- 0x2222d:$a: NanoCore
- 0x22277:$a: NanoCore
- 0x22ed1:$a: NanoCore
- 0x2bc99:$a: NanoCore
- 0x2bd83:$a: NanoCore
|
5.2.RegAsm.exe.3b67402.28.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x4bbb:$x1: NanoCore.ClientPluginHost
- 0x14dd7:$x1: NanoCore.ClientPluginHost
- 0x21f40:$x1: NanoCore.ClientPluginHost
- 0x2848e:$x1: NanoCore.ClientPluginHost
- 0x2e45f:$x1: NanoCore.ClientPluginHost
- 0x37ecb:$x1: NanoCore.ClientPluginHost
- 0x422f6:$x1: NanoCore.ClientPluginHost
- 0x4d2d3:$x1: NanoCore.ClientPluginHost
- 0x59075:$x1: NanoCore.ClientPluginHost
- 0x6e54d:$x1: NanoCore.ClientPluginHost
- 0x967af:$x1: NanoCore.ClientPluginHost
- 0xa5bef:$x1: NanoCore.ClientPluginHost
- 0xbda8b:$x1: NanoCore.ClientPluginHost
- 0xe5cd9:$x1: NanoCore.ClientPluginHost
- 0x4be5:$x2: IClientNetworkHost
- 0x14e04:$x2: IClientNetworkHost
- 0x21f79:$x2: IClientNetworkHost
- 0x284c7:$x2: IClientNetworkHost
- 0x38028:$x2: IClientNetworkHost
- 0x4232f:$x2: IClientNetworkHost
- 0x4d2ed:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.3b67402.28.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.2.RegAsm.exe.3b67402.28.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x4b96:$a: NanoCore
- 0x4bbb:$a: NanoCore
- 0x4c14:$a: NanoCore
- 0x14db1:$a: NanoCore
- 0x14dd7:$a: NanoCore
- 0x14e33:$a: NanoCore
- 0x21c88:$a: NanoCore
- 0x21ce1:$a: NanoCore
- 0x21d14:$a: NanoCore
- 0x21f40:$a: NanoCore
- 0x21fbc:$a: NanoCore
- 0x225d5:$a: NanoCore
- 0x2271e:$a: NanoCore
- 0x22bf2:$a: NanoCore
- 0x22ed9:$a: NanoCore
- 0x22ef0:$a: NanoCore
- 0x2848e:$a: NanoCore
- 0x28508:$a: NanoCore
- 0x2d0a5:$a: NanoCore
- 0x2e45f:$a: NanoCore
- 0x2e4a9:$a: NanoCore
|
5.2.RegAsm.exe.2a44ddc.25.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x4bbb:$x1: NanoCore.ClientPluginHost
- 0x14e65:$x1: NanoCore.ClientPluginHost
- 0x22013:$x1: NanoCore.ClientPluginHost
- 0x28631:$x1: NanoCore.ClientPluginHost
- 0x2e644:$x1: NanoCore.ClientPluginHost
- 0x380eb:$x1: NanoCore.ClientPluginHost
- 0x42557:$x1: NanoCore.ClientPluginHost
- 0x4d685:$x1: NanoCore.ClientPluginHost
- 0x59467:$x1: NanoCore.ClientPluginHost
- 0x651f6:$x1: NanoCore.ClientPluginHost
- 0x4be5:$x2: IClientNetworkHost
- 0x14e92:$x2: IClientNetworkHost
- 0x2204c:$x2: IClientNetworkHost
- 0x2866a:$x2: IClientNetworkHost
- 0x38248:$x2: IClientNetworkHost
- 0x42590:$x2: IClientNetworkHost
- 0x4d69f:$x2: IClientNetworkHost
- 0x59481:$x2: IClientNetworkHost
- 0x65233:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.2a44ddc.25.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x4bbb:$x2: NanoCore.ClientPluginHost
- 0x14e65:$x2: NanoCore.ClientPluginHost
- 0x22013:$x2: NanoCore.ClientPluginHost
- 0x28631:$x2: NanoCore.ClientPluginHost
- 0x2e644:$x2: NanoCore.ClientPluginHost
- 0x380eb:$x2: NanoCore.ClientPluginHost
- 0x42557:$x2: NanoCore.ClientPluginHost
- 0x4d685:$x2: NanoCore.ClientPluginHost
- 0x59467:$x2: NanoCore.ClientPluginHost
- 0x651f6:$x2: NanoCore.ClientPluginHost
- 0x15e34:$s2: FileCommand
- 0x39041:$s3: PipeExists
- 0x6a6b:$s4: PipeCreated
- 0x1a836:$s4: PipeCreated
- 0x22130:$s4: PipeCreated
- 0x2874c:$s4: PipeCreated
- 0x2e722:$s4: PipeCreated
- 0x382e1:$s4: PipeCreated
- 0x426a2:$s4: PipeCreated
- 0x4e6ba:$s4: PipeCreated
- 0x5b212:$s4: PipeCreated
|
5.2.RegAsm.exe.2a44ddc.25.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x4b96:$a: NanoCore
- 0x4bbb:$a: NanoCore
- 0x4c14:$a: NanoCore
- 0x14e3f:$a: NanoCore
- 0x14e65:$a: NanoCore
- 0x14ec1:$a: NanoCore
- 0x21d5b:$a: NanoCore
- 0x21db4:$a: NanoCore
- 0x21de7:$a: NanoCore
- 0x22013:$a: NanoCore
- 0x2208f:$a: NanoCore
- 0x226a8:$a: NanoCore
- 0x227f1:$a: NanoCore
- 0x22cc5:$a: NanoCore
- 0x22fac:$a: NanoCore
- 0x22fc3:$a: NanoCore
- 0x28631:$a: NanoCore
- 0x286ab:$a: NanoCore
- 0x2e644:$a: NanoCore
- 0x2e68e:$a: NanoCore
- 0x2f2e8:$a: NanoCore
|
5.2.RegAsm.exe.3b625d6.27.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0x99e7:$x1: NanoCore.ClientPluginHost
- 0x19c03:$x1: NanoCore.ClientPluginHost
- 0x26d6c:$x1: NanoCore.ClientPluginHost
- 0x2d2ba:$x1: NanoCore.ClientPluginHost
- 0x3328b:$x1: NanoCore.ClientPluginHost
- 0x3ccf7:$x1: NanoCore.ClientPluginHost
- 0x47122:$x1: NanoCore.ClientPluginHost
- 0x520ff:$x1: NanoCore.ClientPluginHost
- 0x5dea1:$x1: NanoCore.ClientPluginHost
- 0x73379:$x1: NanoCore.ClientPluginHost
- 0x9b5db:$x1: NanoCore.ClientPluginHost
- 0xaaa1b:$x1: NanoCore.ClientPluginHost
- 0xc28b7:$x1: NanoCore.ClientPluginHost
- 0xeab05:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
- 0x9a11:$x2: IClientNetworkHost
- 0x19c30:$x2: IClientNetworkHost
- 0x26da5:$x2: IClientNetworkHost
- 0x2d2f3:$x2: IClientNetworkHost
- 0x3ce54:$x2: IClientNetworkHost
|
5.2.RegAsm.exe.3b625d6.27.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.2.RegAsm.exe.3b625d6.27.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xddf:$a: NanoCore
- 0xe38:$a: NanoCore
- 0xe75:$a: NanoCore
- 0xeee:$a: NanoCore
- 0x99c2:$a: NanoCore
- 0x99e7:$a: NanoCore
- 0x9a40:$a: NanoCore
- 0x19bdd:$a: NanoCore
- 0x19c03:$a: NanoCore
- 0x19c5f:$a: NanoCore
- 0x26ab4:$a: NanoCore
- 0x26b0d:$a: NanoCore
- 0x26b40:$a: NanoCore
- 0x26d6c:$a: NanoCore
- 0x26de8:$a: NanoCore
- 0x27401:$a: NanoCore
- 0x2754a:$a: NanoCore
- 0x27a1e:$a: NanoCore
- 0x27d05:$a: NanoCore
- 0x27d1c:$a: NanoCore
- 0x2d2ba:$a: NanoCore
|
Click to see the 120 entries |