5.2.vbc.exe.49d0000.12.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
|
5.2.vbc.exe.49d0000.12.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
|
4.2.vbc.exe.1da0000.3.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x215e5:$x1: NanoCore.ClientPluginHost
- 0x21622:$x2: IClientNetworkHost
- 0x25155:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
4.2.vbc.exe.1da0000.3.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.vbc.exe.1da0000.3.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x2134d:$a: NanoCore
- 0x2135d:$a: NanoCore
- 0x21591:$a: NanoCore
- 0x215a5:$a: NanoCore
- 0x215e5:$a: NanoCore
- 0x213ac:$b: ClientPlugin
- 0x215ae:$b: ClientPlugin
- 0x215ee:$b: ClientPlugin
- 0x214d3:$c: ProjectData
- 0x21eda:$d: DESCrypto
- 0x298a6:$e: KeepAlive
- 0x27894:$g: LogClientMessage
- 0x23a8f:$i: get_Connected
- 0x22210:$j: #=q
- 0x22240:$j: #=q
- 0x2225c:$j: #=q
- 0x2228c:$j: #=q
- 0x222a8:$j: #=q
- 0x222c4:$j: #=q
- 0x222f4:$j: #=q
- 0x22310:$j: #=q
|
7.2.opjlpsercy.exe.3339f42.8.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x2dbb:$x1: NanoCore.ClientPluginHost
- 0x2de5:$x2: IClientNetworkHost
|
7.2.opjlpsercy.exe.3339f42.8.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2dbb:$x2: NanoCore.ClientPluginHost
- 0x4c6b:$s4: PipeCreated
|
5.2.vbc.exe.55e0000.23.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x5b99:$x1: NanoCore.ClientPluginHost
- 0x5bb3:$x2: IClientNetworkHost
|
5.2.vbc.exe.55e0000.23.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x5b99:$x2: NanoCore.ClientPluginHost
- 0x6bce:$s4: PipeCreated
- 0x5b86:$s5: IClientLoggingHost
|
5.2.vbc.exe.5460000.19.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x605:$x1: NanoCore.ClientPluginHost
- 0x63e:$x2: IClientNetworkHost
|
5.2.vbc.exe.5460000.19.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x605:$x2: NanoCore.ClientPluginHost
- 0x720:$s4: PipeCreated
- 0x61f:$s5: IClientLoggingHost
|
5.2.vbc.exe.5620000.25.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xf7ad:$x1: NanoCore.ClientPluginHost
- 0xf7da:$x2: IClientNetworkHost
|
5.2.vbc.exe.5620000.25.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xf7ad:$x2: NanoCore.ClientPluginHost
- 0x10888:$s4: PipeCreated
- 0xf7c7:$s5: IClientLoggingHost
|
5.2.vbc.exe.5620000.25.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.2.vbc.exe.5610000.24.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x170b:$x1: NanoCore.ClientPluginHost
- 0x1725:$x2: IClientNetworkHost
|
5.2.vbc.exe.5610000.24.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x170b:$x2: NanoCore.ClientPluginHost
- 0x34b6:$s4: PipeCreated
- 0x16f8:$s5: IClientLoggingHost
|
7.1.opjlpsercy.exe.415058.1.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.1.opjlpsercy.exe.415058.1.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
7.1.opjlpsercy.exe.415058.1.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.1.opjlpsercy.exe.415058.1.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
5.2.vbc.exe.5450000.18.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x16e3:$x1: NanoCore.ClientPluginHost
- 0x171c:$x2: IClientNetworkHost
|
5.2.vbc.exe.5450000.18.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x16e3:$x2: NanoCore.ClientPluginHost
- 0x1800:$s4: PipeCreated
- 0x16fd:$s5: IClientLoggingHost
|
5.2.vbc.exe.33d6174.8.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x6da5:$x1: NanoCore.ClientPluginHost
- 0x6dd2:$x2: IClientNetworkHost
|
5.2.vbc.exe.33d6174.8.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x6da5:$x2: NanoCore.ClientPluginHost
- 0x7d74:$s2: FileCommand
- 0xc776:$s4: PipeCreated
- 0x6dbf:$s5: IClientLoggingHost
|
5.2.vbc.exe.415058.0.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
5.2.vbc.exe.415058.0.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
5.2.vbc.exe.415058.0.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.2.vbc.exe.415058.0.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
6.2.opjlpsercy.exe.1c91458.4.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
6.2.opjlpsercy.exe.1c91458.4.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
6.2.opjlpsercy.exe.1c91458.4.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
6.2.opjlpsercy.exe.1c91458.4.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
5.2.vbc.exe.4430000.9.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
5.2.vbc.exe.4430000.9.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
5.2.vbc.exe.4430000.9.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.2.vbc.exe.4430000.9.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
5.2.vbc.exe.5624629.26.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xb184:$x1: NanoCore.ClientPluginHost
- 0xb1b1:$x2: IClientNetworkHost
|
5.2.vbc.exe.5624629.26.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xb184:$x2: NanoCore.ClientPluginHost
- 0xc25f:$s4: PipeCreated
- 0xb19e:$s5: IClientLoggingHost
|
5.2.vbc.exe.5624629.26.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.2.vbc.exe.55e0000.23.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x3d99:$x1: NanoCore.ClientPluginHost
- 0x3db3:$x2: IClientNetworkHost
|
5.2.vbc.exe.55e0000.23.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x3d99:$x2: NanoCore.ClientPluginHost
- 0x4dce:$s4: PipeCreated
- 0x3d86:$s5: IClientLoggingHost
|
7.1.opjlpsercy.exe.400000.0.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x215e5:$x1: NanoCore.ClientPluginHost
- 0x21622:$x2: IClientNetworkHost
- 0x25155:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.1.opjlpsercy.exe.400000.0.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.1.opjlpsercy.exe.400000.0.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x2134d:$a: NanoCore
- 0x2135d:$a: NanoCore
- 0x21591:$a: NanoCore
- 0x215a5:$a: NanoCore
- 0x215e5:$a: NanoCore
- 0x213ac:$b: ClientPlugin
- 0x215ae:$b: ClientPlugin
- 0x215ee:$b: ClientPlugin
- 0x214d3:$c: ProjectData
- 0x21eda:$d: DESCrypto
- 0x298a6:$e: KeepAlive
- 0x27894:$g: LogClientMessage
- 0x23a8f:$i: get_Connected
- 0x22210:$j: #=q
- 0x22240:$j: #=q
- 0x2225c:$j: #=q
- 0x2228c:$j: #=q
- 0x222a8:$j: #=q
- 0x222c4:$j: #=q
- 0x222f4:$j: #=q
- 0x22310:$j: #=q
|
7.2.opjlpsercy.exe.21968f0.3.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0x9c23:$x1: NanoCore.ClientPluginHost
- 0x19ee1:$x1: NanoCore.ClientPluginHost
- 0x27097:$x1: NanoCore.ClientPluginHost
- 0x2d6c1:$x1: NanoCore.ClientPluginHost
- 0x336e0:$x1: NanoCore.ClientPluginHost
- 0x3d197:$x1: NanoCore.ClientPluginHost
- 0x4760f:$x1: NanoCore.ClientPluginHost
- 0x5274d:$x1: NanoCore.ClientPluginHost
- 0x5e53f:$x1: NanoCore.ClientPluginHost
- 0x6a39a:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
- 0x9c4d:$x2: IClientNetworkHost
- 0x19f0e:$x2: IClientNetworkHost
- 0x270d0:$x2: IClientNetworkHost
- 0x2d6fa:$x2: IClientNetworkHost
- 0x3d2f4:$x2: IClientNetworkHost
- 0x47648:$x2: IClientNetworkHost
- 0x52767:$x2: IClientNetworkHost
- 0x5e559:$x2: IClientNetworkHost
- 0x6a3d7:$x2: IClientNetworkHost
|
7.2.opjlpsercy.exe.21968f0.3.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x9c23:$x2: NanoCore.ClientPluginHost
- 0x19ee1:$x2: NanoCore.ClientPluginHost
- 0x27097:$x2: NanoCore.ClientPluginHost
- 0x2d6c1:$x2: NanoCore.ClientPluginHost
- 0x336e0:$x2: NanoCore.ClientPluginHost
- 0x3d197:$x2: NanoCore.ClientPluginHost
- 0x4760f:$x2: NanoCore.ClientPluginHost
- 0x5274d:$x2: NanoCore.ClientPluginHost
- 0x5e53f:$x2: NanoCore.ClientPluginHost
- 0x6a39a:$x2: NanoCore.ClientPluginHost
- 0x1aeb0:$s2: FileCommand
- 0x1261:$s3: PipeExists
- 0x3e0ed:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0xbad3:$s4: PipeCreated
- 0x1f8b2:$s4: PipeCreated
- 0x271b4:$s4: PipeCreated
- 0x2d7dc:$s4: PipeCreated
- 0x337be:$s4: PipeCreated
- 0x3d38d:$s4: PipeCreated
|
7.2.opjlpsercy.exe.21968f0.3.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xddf:$a: NanoCore
- 0xe38:$a: NanoCore
- 0xe75:$a: NanoCore
- 0xeee:$a: NanoCore
- 0x9bfe:$a: NanoCore
- 0x9c23:$a: NanoCore
- 0x9c7c:$a: NanoCore
- 0x19ebb:$a: NanoCore
- 0x19ee1:$a: NanoCore
- 0x19f3d:$a: NanoCore
- 0x26ddf:$a: NanoCore
- 0x26e38:$a: NanoCore
- 0x26e6b:$a: NanoCore
- 0x27097:$a: NanoCore
- 0x27113:$a: NanoCore
- 0x2772c:$a: NanoCore
- 0x27875:$a: NanoCore
- 0x27d49:$a: NanoCore
- 0x28030:$a: NanoCore
- 0x28047:$a: NanoCore
- 0x2d6c1:$a: NanoCore
|
5.2.vbc.exe.221641c.5.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x4bbb:$x1: NanoCore.ClientPluginHost
- 0x14de5:$x1: NanoCore.ClientPluginHost
- 0x21f57:$x1: NanoCore.ClientPluginHost
- 0x284ad:$x1: NanoCore.ClientPluginHost
- 0x2e488:$x1: NanoCore.ClientPluginHost
- 0x37efb:$x1: NanoCore.ClientPluginHost
- 0x4232f:$x1: NanoCore.ClientPluginHost
- 0x4d319:$x1: NanoCore.ClientPluginHost
- 0x590c7:$x1: NanoCore.ClientPluginHost
- 0x64e56:$x1: NanoCore.ClientPluginHost
- 0x4be5:$x2: IClientNetworkHost
- 0x14e12:$x2: IClientNetworkHost
- 0x21f90:$x2: IClientNetworkHost
- 0x284e6:$x2: IClientNetworkHost
- 0x38058:$x2: IClientNetworkHost
- 0x42368:$x2: IClientNetworkHost
- 0x4d333:$x2: IClientNetworkHost
- 0x590e1:$x2: IClientNetworkHost
- 0x64e93:$x2: IClientNetworkHost
|
5.2.vbc.exe.221641c.5.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x4b96:$a: NanoCore
- 0x4bbb:$a: NanoCore
- 0x4c14:$a: NanoCore
- 0x14dbf:$a: NanoCore
- 0x14de5:$a: NanoCore
- 0x14e41:$a: NanoCore
- 0x21c9f:$a: NanoCore
- 0x21cf8:$a: NanoCore
- 0x21d2b:$a: NanoCore
- 0x21f57:$a: NanoCore
- 0x21fd3:$a: NanoCore
- 0x225ec:$a: NanoCore
- 0x22735:$a: NanoCore
- 0x22c09:$a: NanoCore
- 0x22ef0:$a: NanoCore
- 0x22f07:$a: NanoCore
- 0x284ad:$a: NanoCore
- 0x28527:$a: NanoCore
- 0x2e488:$a: NanoCore
- 0x2e4d2:$a: NanoCore
- 0x2f12c:$a: NanoCore
|
5.2.vbc.exe.55b0000.20.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x13a8:$x1: NanoCore.ClientPluginHost
|
5.2.vbc.exe.55b0000.20.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x13a8:$x2: NanoCore.ClientPluginHost
- 0x1486:$s4: PipeCreated
- 0x13c2:$s5: IClientLoggingHost
|
7.2.opjlpsercy.exe.415058.1.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.opjlpsercy.exe.415058.1.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
7.2.opjlpsercy.exe.415058.1.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.opjlpsercy.exe.415058.1.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
5.2.vbc.exe.5610000.24.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x350b:$x1: NanoCore.ClientPluginHost
- 0x3525:$x2: IClientNetworkHost
|
5.2.vbc.exe.5610000.24.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x350b:$x2: NanoCore.ClientPluginHost
- 0x52b6:$s4: PipeCreated
- 0x34f8:$s5: IClientLoggingHost
|
6.2.opjlpsercy.exe.1c91458.4.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
6.2.opjlpsercy.exe.1c91458.4.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
6.2.opjlpsercy.exe.1c91458.4.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
6.2.opjlpsercy.exe.1c91458.4.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
7.2.opjlpsercy.exe.21a7c2c.4.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x6da5:$x1: NanoCore.ClientPluginHost
- 0x6dd2:$x2: IClientNetworkHost
|
7.2.opjlpsercy.exe.21a7c2c.4.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x6da5:$x2: NanoCore.ClientPluginHost
- 0x7d74:$s2: FileCommand
- 0xc776:$s4: PipeCreated
- 0x6dbf:$s5: IClientLoggingHost
|
5.2.vbc.exe.57e0000.31.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x41ee:$x1: NanoCore.ClientPluginHost
- 0x422b:$x2: IClientNetworkHost
|
5.2.vbc.exe.57e0000.31.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x41ee:$x2: NanoCore.ClientPluginHost
- 0x7641:$s4: PipeCreated
- 0x4218:$s5: IClientLoggingHost
|
6.2.opjlpsercy.exe.1c80000.3.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x215e5:$x1: NanoCore.ClientPluginHost
- 0x21622:$x2: IClientNetworkHost
- 0x25155:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
6.2.opjlpsercy.exe.1c80000.3.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
6.2.opjlpsercy.exe.1c80000.3.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x2134d:$a: NanoCore
- 0x2135d:$a: NanoCore
- 0x21591:$a: NanoCore
- 0x215a5:$a: NanoCore
- 0x215e5:$a: NanoCore
- 0x213ac:$b: ClientPlugin
- 0x215ae:$b: ClientPlugin
- 0x215ee:$b: ClientPlugin
- 0x214d3:$c: ProjectData
- 0x21eda:$d: DESCrypto
- 0x298a6:$e: KeepAlive
- 0x27894:$g: LogClientMessage
- 0x23a8f:$i: get_Connected
- 0x22210:$j: #=q
- 0x22240:$j: #=q
- 0x2225c:$j: #=q
- 0x2228c:$j: #=q
- 0x222a8:$j: #=q
- 0x222c4:$j: #=q
- 0x222f4:$j: #=q
- 0x22310:$j: #=q
|
5.1.vbc.exe.415058.1.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
5.1.vbc.exe.415058.1.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
5.1.vbc.exe.415058.1.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.1.vbc.exe.415058.1.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
5.2.vbc.exe.221641c.5.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x2dbb:$x1: NanoCore.ClientPluginHost
- 0x2de5:$x2: IClientNetworkHost
|
5.2.vbc.exe.221641c.5.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2dbb:$x2: NanoCore.ClientPluginHost
- 0x4c6b:$s4: PipeCreated
|
4.2.vbc.exe.1db1458.4.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
4.2.vbc.exe.1db1458.4.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
4.2.vbc.exe.1db1458.4.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.vbc.exe.1db1458.4.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
7.2.opjlpsercy.exe.415058.1.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.opjlpsercy.exe.415058.1.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
7.2.opjlpsercy.exe.415058.1.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.opjlpsercy.exe.415058.1.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
5.2.vbc.exe.4430000.9.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
5.2.vbc.exe.4430000.9.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
5.2.vbc.exe.4430000.9.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.2.vbc.exe.4430000.9.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
7.2.opjlpsercy.exe.3173258.5.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.opjlpsercy.exe.3173258.5.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
7.2.opjlpsercy.exe.3173258.5.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.opjlpsercy.exe.3173258.5.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
5.2.vbc.exe.55d0000.22.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x39eb:$x1: NanoCore.ClientPluginHost
- 0x3a24:$x2: IClientNetworkHost
|
5.2.vbc.exe.55d0000.22.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x39eb:$x2: NanoCore.ClientPluginHost
- 0x3b36:$s4: PipeCreated
- 0x3a05:$s5: IClientLoggingHost
|
6.2.opjlpsercy.exe.1c80000.3.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1d9e5:$x1: NanoCore.ClientPluginHost
- 0x1da22:$x2: IClientNetworkHost
- 0x21555:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
6.2.opjlpsercy.exe.1c80000.3.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
6.2.opjlpsercy.exe.1c80000.3.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x1d74d:$a: NanoCore
- 0x1d75d:$a: NanoCore
- 0x1d991:$a: NanoCore
- 0x1d9a5:$a: NanoCore
- 0x1d9e5:$a: NanoCore
- 0x1d7ac:$b: ClientPlugin
- 0x1d9ae:$b: ClientPlugin
- 0x1d9ee:$b: ClientPlugin
- 0x1d8d3:$c: ProjectData
- 0x1e2da:$d: DESCrypto
- 0x25ca6:$e: KeepAlive
- 0x23c94:$g: LogClientMessage
- 0x1fe8f:$i: get_Connected
- 0x1e610:$j: #=q
- 0x1e640:$j: #=q
- 0x1e65c:$j: #=q
- 0x1e68c:$j: #=q
- 0x1e6a8:$j: #=q
- 0x1e6c4:$j: #=q
- 0x1e6f4:$j: #=q
- 0x1e710:$j: #=q
|
5.2.vbc.exe.400000.1.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x215e5:$x1: NanoCore.ClientPluginHost
- 0x21622:$x2: IClientNetworkHost
- 0x25155:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
5.2.vbc.exe.400000.1.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.2.vbc.exe.400000.1.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x2134d:$a: NanoCore
- 0x2135d:$a: NanoCore
- 0x21591:$a: NanoCore
- 0x215a5:$a: NanoCore
- 0x215e5:$a: NanoCore
- 0x213ac:$b: ClientPlugin
- 0x215ae:$b: ClientPlugin
- 0x215ee:$b: ClientPlugin
- 0x214d3:$c: ProjectData
- 0x21eda:$d: DESCrypto
- 0x298a6:$e: KeepAlive
- 0x27894:$g: LogClientMessage
- 0x23a8f:$i: get_Connected
- 0x22210:$j: #=q
- 0x22240:$j: #=q
- 0x2225c:$j: #=q
- 0x2228c:$j: #=q
- 0x222a8:$j: #=q
- 0x222c4:$j: #=q
- 0x222f4:$j: #=q
- 0x22310:$j: #=q
|
5.2.vbc.exe.22115c4.4.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0x9a13:$x1: NanoCore.ClientPluginHost
- 0x19c3d:$x1: NanoCore.ClientPluginHost
- 0x26daf:$x1: NanoCore.ClientPluginHost
- 0x2d305:$x1: NanoCore.ClientPluginHost
- 0x332e0:$x1: NanoCore.ClientPluginHost
- 0x3cd53:$x1: NanoCore.ClientPluginHost
- 0x47187:$x1: NanoCore.ClientPluginHost
- 0x52171:$x1: NanoCore.ClientPluginHost
- 0x5df1f:$x1: NanoCore.ClientPluginHost
- 0x69cae:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
- 0x9a3d:$x2: IClientNetworkHost
- 0x19c6a:$x2: IClientNetworkHost
- 0x26de8:$x2: IClientNetworkHost
- 0x2d33e:$x2: IClientNetworkHost
- 0x3ceb0:$x2: IClientNetworkHost
- 0x471c0:$x2: IClientNetworkHost
- 0x5218b:$x2: IClientNetworkHost
- 0x5df39:$x2: IClientNetworkHost
- 0x69ceb:$x2: IClientNetworkHost
|
5.2.vbc.exe.22115c4.4.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xddf:$a: NanoCore
- 0xe38:$a: NanoCore
- 0xe75:$a: NanoCore
- 0xeee:$a: NanoCore
- 0x99ee:$a: NanoCore
- 0x9a13:$a: NanoCore
- 0x9a6c:$a: NanoCore
- 0x19c17:$a: NanoCore
- 0x19c3d:$a: NanoCore
- 0x19c99:$a: NanoCore
- 0x26af7:$a: NanoCore
- 0x26b50:$a: NanoCore
- 0x26b83:$a: NanoCore
- 0x26daf:$a: NanoCore
- 0x26e2b:$a: NanoCore
- 0x27444:$a: NanoCore
- 0x2758d:$a: NanoCore
- 0x27a61:$a: NanoCore
- 0x27d48:$a: NanoCore
- 0x27d5f:$a: NanoCore
- 0x2d305:$a: NanoCore
|
5.2.vbc.exe.222265c.3.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x6da5:$x1: NanoCore.ClientPluginHost
- 0x6dd2:$x2: IClientNetworkHost
|
5.2.vbc.exe.222265c.3.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x6da5:$x2: NanoCore.ClientPluginHost
- 0x7d74:$s2: FileCommand
- 0xc776:$s4: PipeCreated
- 0x6dbf:$s5: IClientLoggingHost
|
7.2.opjlpsercy.exe.3346174.6.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x8ba5:$x1: NanoCore.ClientPluginHost
- 0x15d0e:$x1: NanoCore.ClientPluginHost
- 0x1c25c:$x1: NanoCore.ClientPluginHost
- 0x2222d:$x1: NanoCore.ClientPluginHost
- 0x2bc99:$x1: NanoCore.ClientPluginHost
- 0x360c4:$x1: NanoCore.ClientPluginHost
- 0x410a1:$x1: NanoCore.ClientPluginHost
- 0x4ce43:$x1: NanoCore.ClientPluginHost
- 0x6231b:$x1: NanoCore.ClientPluginHost
- 0x8a57d:$x1: NanoCore.ClientPluginHost
- 0x999bd:$x1: NanoCore.ClientPluginHost
- 0xb1859:$x1: NanoCore.ClientPluginHost
- 0xd9aa7:$x1: NanoCore.ClientPluginHost
- 0x8bd2:$x2: IClientNetworkHost
- 0x15d47:$x2: IClientNetworkHost
- 0x1c295:$x2: IClientNetworkHost
- 0x2bdf6:$x2: IClientNetworkHost
- 0x360fd:$x2: IClientNetworkHost
- 0x410bb:$x2: IClientNetworkHost
- 0x4ce5d:$x2: IClientNetworkHost
- 0x62348:$x2: IClientNetworkHost
|
7.2.opjlpsercy.exe.3346174.6.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.opjlpsercy.exe.3346174.6.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x8b7f:$a: NanoCore
- 0x8ba5:$a: NanoCore
- 0x8c01:$a: NanoCore
- 0x15a56:$a: NanoCore
- 0x15aaf:$a: NanoCore
- 0x15ae2:$a: NanoCore
- 0x15d0e:$a: NanoCore
- 0x15d8a:$a: NanoCore
- 0x163a3:$a: NanoCore
- 0x164ec:$a: NanoCore
- 0x169c0:$a: NanoCore
- 0x16ca7:$a: NanoCore
- 0x16cbe:$a: NanoCore
- 0x1c25c:$a: NanoCore
- 0x1c2d6:$a: NanoCore
- 0x20e73:$a: NanoCore
- 0x2222d:$a: NanoCore
- 0x22277:$a: NanoCore
- 0x22ed1:$a: NanoCore
- 0x2bc99:$a: NanoCore
- 0x2bd83:$a: NanoCore
|
7.2.opjlpsercy.exe.43a0000.9.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.opjlpsercy.exe.43a0000.9.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
7.2.opjlpsercy.exe.43a0000.9.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.opjlpsercy.exe.43a0000.9.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
7.2.opjlpsercy.exe.43a0000.9.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.opjlpsercy.exe.43a0000.9.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
7.2.opjlpsercy.exe.43a0000.9.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.opjlpsercy.exe.43a0000.9.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
5.2.vbc.exe.57be8a4.28.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x10937:$x1: NanoCore.ClientPluginHost
- 0x10951:$x2: IClientNetworkHost
|
5.2.vbc.exe.57be8a4.28.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x10937:$x2: NanoCore.ClientPluginHost
- 0x13c74:$s4: PipeCreated
- 0x10924:$s5: IClientLoggingHost
|
7.2.opjlpsercy.exe.21a7c2c.4.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x8ba5:$x1: NanoCore.ClientPluginHost
- 0x15d5b:$x1: NanoCore.ClientPluginHost
- 0x1c385:$x1: NanoCore.ClientPluginHost
- 0x223a4:$x1: NanoCore.ClientPluginHost
- 0x2be5b:$x1: NanoCore.ClientPluginHost
- 0x362d3:$x1: NanoCore.ClientPluginHost
- 0x41411:$x1: NanoCore.ClientPluginHost
- 0x4d203:$x1: NanoCore.ClientPluginHost
- 0x5905e:$x1: NanoCore.ClientPluginHost
- 0x8bd2:$x2: IClientNetworkHost
- 0x15d94:$x2: IClientNetworkHost
- 0x1c3be:$x2: IClientNetworkHost
- 0x2bfb8:$x2: IClientNetworkHost
- 0x3630c:$x2: IClientNetworkHost
- 0x4142b:$x2: IClientNetworkHost
- 0x4d21d:$x2: IClientNetworkHost
- 0x5909b:$x2: IClientNetworkHost
|
7.2.opjlpsercy.exe.21a7c2c.4.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x8ba5:$x2: NanoCore.ClientPluginHost
- 0x15d5b:$x2: NanoCore.ClientPluginHost
- 0x1c385:$x2: NanoCore.ClientPluginHost
- 0x223a4:$x2: NanoCore.ClientPluginHost
- 0x2be5b:$x2: NanoCore.ClientPluginHost
- 0x362d3:$x2: NanoCore.ClientPluginHost
- 0x41411:$x2: NanoCore.ClientPluginHost
- 0x4d203:$x2: NanoCore.ClientPluginHost
- 0x5905e:$x2: NanoCore.ClientPluginHost
- 0x9b74:$s2: FileCommand
- 0x2cdb1:$s3: PipeExists
- 0xe576:$s4: PipeCreated
- 0x15e78:$s4: PipeCreated
- 0x1c4a0:$s4: PipeCreated
- 0x22482:$s4: PipeCreated
- 0x2c051:$s4: PipeCreated
- 0x3641e:$s4: PipeCreated
- 0x42446:$s4: PipeCreated
- 0x4efae:$s4: PipeCreated
- 0x5c4b1:$s4: PipeCreated
- 0x8bbf:$s5: IClientLoggingHost
|
7.2.opjlpsercy.exe.21a7c2c.4.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x8b7f:$a: NanoCore
- 0x8ba5:$a: NanoCore
- 0x8c01:$a: NanoCore
- 0x15aa3:$a: NanoCore
- 0x15afc:$a: NanoCore
- 0x15b2f:$a: NanoCore
- 0x15d5b:$a: NanoCore
- 0x15dd7:$a: NanoCore
- 0x163f0:$a: NanoCore
- 0x16539:$a: NanoCore
- 0x16a0d:$a: NanoCore
- 0x16cf4:$a: NanoCore
- 0x16d0b:$a: NanoCore
- 0x1c385:$a: NanoCore
- 0x1c3ff:$a: NanoCore
- 0x223a4:$a: NanoCore
- 0x223ee:$a: NanoCore
- 0x23048:$a: NanoCore
- 0x2be5b:$a: NanoCore
- 0x2bf45:$a: NanoCore
- 0x2cdbc:$a: NanoCore
|
5.2.vbc.exe.5070000.17.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x6da5:$x1: NanoCore.ClientPluginHost
- 0x6dd2:$x2: IClientNetworkHost
|
5.2.vbc.exe.5070000.17.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x6da5:$x2: NanoCore.ClientPluginHost
- 0x7d74:$s2: FileCommand
- 0xc776:$s4: PipeCreated
- 0x6dbf:$s5: IClientLoggingHost
|
5.2.vbc.exe.222265c.3.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x8ba5:$x1: NanoCore.ClientPluginHost
- 0x15d17:$x1: NanoCore.ClientPluginHost
- 0x1c26d:$x1: NanoCore.ClientPluginHost
- 0x22248:$x1: NanoCore.ClientPluginHost
- 0x2bcbb:$x1: NanoCore.ClientPluginHost
- 0x360ef:$x1: NanoCore.ClientPluginHost
- 0x410d9:$x1: NanoCore.ClientPluginHost
- 0x4ce87:$x1: NanoCore.ClientPluginHost
- 0x58c16:$x1: NanoCore.ClientPluginHost
- 0x8bd2:$x2: IClientNetworkHost
- 0x15d50:$x2: IClientNetworkHost
- 0x1c2a6:$x2: IClientNetworkHost
- 0x2be18:$x2: IClientNetworkHost
- 0x36128:$x2: IClientNetworkHost
- 0x410f3:$x2: IClientNetworkHost
- 0x4cea1:$x2: IClientNetworkHost
- 0x58c53:$x2: IClientNetworkHost
|
5.2.vbc.exe.222265c.3.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x8b7f:$a: NanoCore
- 0x8ba5:$a: NanoCore
- 0x8c01:$a: NanoCore
- 0x15a5f:$a: NanoCore
- 0x15ab8:$a: NanoCore
- 0x15aeb:$a: NanoCore
- 0x15d17:$a: NanoCore
- 0x15d93:$a: NanoCore
- 0x163ac:$a: NanoCore
- 0x164f5:$a: NanoCore
- 0x169c9:$a: NanoCore
- 0x16cb0:$a: NanoCore
- 0x16cc7:$a: NanoCore
- 0x1c26d:$a: NanoCore
- 0x1c2e7:$a: NanoCore
- 0x22248:$a: NanoCore
- 0x22292:$a: NanoCore
- 0x22eec:$a: NanoCore
- 0x2bcbb:$a: NanoCore
- 0x2bda5:$a: NanoCore
- 0x2cc1c:$a: NanoCore
|
7.2.opjlpsercy.exe.219b958.2.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x2dbb:$x1: NanoCore.ClientPluginHost
- 0x2de5:$x2: IClientNetworkHost
|
7.2.opjlpsercy.exe.219b958.2.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2dbb:$x2: NanoCore.ClientPluginHost
- 0x4c6b:$s4: PipeCreated
|
5.2.vbc.exe.33c5116.7.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.2.vbc.exe.33c5116.7.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xddf:$a: NanoCore
- 0xe38:$a: NanoCore
- 0xe75:$a: NanoCore
- 0xeee:$a: NanoCore
- 0x99c2:$a: NanoCore
- 0x99e7:$a: NanoCore
- 0x9a40:$a: NanoCore
- 0x19bdd:$a: NanoCore
- 0x19c03:$a: NanoCore
- 0x19c5f:$a: NanoCore
- 0x26ab4:$a: NanoCore
- 0x26b0d:$a: NanoCore
- 0x26b40:$a: NanoCore
- 0x26d6c:$a: NanoCore
- 0x26de8:$a: NanoCore
- 0x27401:$a: NanoCore
- 0x2754a:$a: NanoCore
- 0x27a1e:$a: NanoCore
- 0x27d05:$a: NanoCore
- 0x27d1c:$a: NanoCore
- 0x2d2ba:$a: NanoCore
|
7.2.opjlpsercy.exe.3335116.7.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0x99e7:$x1: NanoCore.ClientPluginHost
- 0x19c03:$x1: NanoCore.ClientPluginHost
- 0x26d6c:$x1: NanoCore.ClientPluginHost
- 0x2d2ba:$x1: NanoCore.ClientPluginHost
- 0x3328b:$x1: NanoCore.ClientPluginHost
- 0x3ccf7:$x1: NanoCore.ClientPluginHost
- 0x47122:$x1: NanoCore.ClientPluginHost
- 0x520ff:$x1: NanoCore.ClientPluginHost
- 0x5dea1:$x1: NanoCore.ClientPluginHost
- 0x73379:$x1: NanoCore.ClientPluginHost
- 0x9b5db:$x1: NanoCore.ClientPluginHost
- 0xaaa1b:$x1: NanoCore.ClientPluginHost
- 0xc28b7:$x1: NanoCore.ClientPluginHost
- 0xeab05:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
- 0x9a11:$x2: IClientNetworkHost
- 0x19c30:$x2: IClientNetworkHost
- 0x26da5:$x2: IClientNetworkHost
- 0x2d2f3:$x2: IClientNetworkHost
- 0x3ce54:$x2: IClientNetworkHost
|
7.2.opjlpsercy.exe.3335116.7.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.opjlpsercy.exe.3335116.7.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xddf:$a: NanoCore
- 0xe38:$a: NanoCore
- 0xe75:$a: NanoCore
- 0xeee:$a: NanoCore
- 0x99c2:$a: NanoCore
- 0x99e7:$a: NanoCore
- 0x9a40:$a: NanoCore
- 0x19bdd:$a: NanoCore
- 0x19c03:$a: NanoCore
- 0x19c5f:$a: NanoCore
- 0x26ab4:$a: NanoCore
- 0x26b0d:$a: NanoCore
- 0x26b40:$a: NanoCore
- 0x26d6c:$a: NanoCore
- 0x26de8:$a: NanoCore
- 0x27401:$a: NanoCore
- 0x2754a:$a: NanoCore
- 0x27a1e:$a: NanoCore
- 0x27d05:$a: NanoCore
- 0x27d1c:$a: NanoCore
- 0x2d2ba:$a: NanoCore
|
5.2.vbc.exe.33c9f42.6.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x4bbb:$x1: NanoCore.ClientPluginHost
- 0x14dd7:$x1: NanoCore.ClientPluginHost
- 0x21f40:$x1: NanoCore.ClientPluginHost
- 0x2848e:$x1: NanoCore.ClientPluginHost
- 0x2e45f:$x1: NanoCore.ClientPluginHost
- 0x37ecb:$x1: NanoCore.ClientPluginHost
- 0x422f6:$x1: NanoCore.ClientPluginHost
- 0x4d2d3:$x1: NanoCore.ClientPluginHost
- 0x59075:$x1: NanoCore.ClientPluginHost
- 0x6e54d:$x1: NanoCore.ClientPluginHost
- 0x967af:$x1: NanoCore.ClientPluginHost
- 0xa5bef:$x1: NanoCore.ClientPluginHost
- 0xbda8b:$x1: NanoCore.ClientPluginHost
- 0xe5cd9:$x1: NanoCore.ClientPluginHost
- 0x4be5:$x2: IClientNetworkHost
- 0x14e04:$x2: IClientNetworkHost
- 0x21f79:$x2: IClientNetworkHost
- 0x284c7:$x2: IClientNetworkHost
- 0x38028:$x2: IClientNetworkHost
- 0x4232f:$x2: IClientNetworkHost
- 0x4d2ed:$x2: IClientNetworkHost
|
5.2.vbc.exe.33c9f42.6.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.2.vbc.exe.33c9f42.6.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x4b96:$a: NanoCore
- 0x4bbb:$a: NanoCore
- 0x4c14:$a: NanoCore
- 0x14db1:$a: NanoCore
- 0x14dd7:$a: NanoCore
- 0x14e33:$a: NanoCore
- 0x21c88:$a: NanoCore
- 0x21ce1:$a: NanoCore
- 0x21d14:$a: NanoCore
- 0x21f40:$a: NanoCore
- 0x21fbc:$a: NanoCore
- 0x225d5:$a: NanoCore
- 0x2271e:$a: NanoCore
- 0x22bf2:$a: NanoCore
- 0x22ed9:$a: NanoCore
- 0x22ef0:$a: NanoCore
- 0x2848e:$a: NanoCore
- 0x28508:$a: NanoCore
- 0x2d0a5:$a: NanoCore
- 0x2e45f:$a: NanoCore
- 0x2e4a9:$a: NanoCore
|
5.2.vbc.exe.57b4c9f.30.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1a53c:$x1: NanoCore.ClientPluginHost
- 0x1a556:$x2: IClientNetworkHost
|
5.2.vbc.exe.57b4c9f.30.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1a53c:$x2: NanoCore.ClientPluginHost
- 0x1d879:$s4: PipeCreated
- 0x1a529:$s5: IClientLoggingHost
|
7.2.opjlpsercy.exe.219b958.2.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x4bbb:$x1: NanoCore.ClientPluginHost
- 0x14e79:$x1: NanoCore.ClientPluginHost
- 0x2202f:$x1: NanoCore.ClientPluginHost
- 0x28659:$x1: NanoCore.ClientPluginHost
- 0x2e678:$x1: NanoCore.ClientPluginHost
- 0x3812f:$x1: NanoCore.ClientPluginHost
- 0x425a7:$x1: NanoCore.ClientPluginHost
- 0x4d6e5:$x1: NanoCore.ClientPluginHost
- 0x594d7:$x1: NanoCore.ClientPluginHost
- 0x65332:$x1: NanoCore.ClientPluginHost
- 0x4be5:$x2: IClientNetworkHost
- 0x14ea6:$x2: IClientNetworkHost
- 0x22068:$x2: IClientNetworkHost
- 0x28692:$x2: IClientNetworkHost
- 0x3828c:$x2: IClientNetworkHost
- 0x425e0:$x2: IClientNetworkHost
- 0x4d6ff:$x2: IClientNetworkHost
- 0x594f1:$x2: IClientNetworkHost
- 0x6536f:$x2: IClientNetworkHost
|
7.2.opjlpsercy.exe.219b958.2.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x4bbb:$x2: NanoCore.ClientPluginHost
- 0x14e79:$x2: NanoCore.ClientPluginHost
- 0x2202f:$x2: NanoCore.ClientPluginHost
- 0x28659:$x2: NanoCore.ClientPluginHost
- 0x2e678:$x2: NanoCore.ClientPluginHost
- 0x3812f:$x2: NanoCore.ClientPluginHost
- 0x425a7:$x2: NanoCore.ClientPluginHost
- 0x4d6e5:$x2: NanoCore.ClientPluginHost
- 0x594d7:$x2: NanoCore.ClientPluginHost
- 0x65332:$x2: NanoCore.ClientPluginHost
- 0x15e48:$s2: FileCommand
- 0x39085:$s3: PipeExists
- 0x6a6b:$s4: PipeCreated
- 0x1a84a:$s4: PipeCreated
- 0x2214c:$s4: PipeCreated
- 0x28774:$s4: PipeCreated
- 0x2e756:$s4: PipeCreated
- 0x38325:$s4: PipeCreated
- 0x426f2:$s4: PipeCreated
- 0x4e71a:$s4: PipeCreated
- 0x5b282:$s4: PipeCreated
|
7.2.opjlpsercy.exe.219b958.2.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x4b96:$a: NanoCore
- 0x4bbb:$a: NanoCore
- 0x4c14:$a: NanoCore
- 0x14e53:$a: NanoCore
- 0x14e79:$a: NanoCore
- 0x14ed5:$a: NanoCore
- 0x21d77:$a: NanoCore
- 0x21dd0:$a: NanoCore
- 0x21e03:$a: NanoCore
- 0x2202f:$a: NanoCore
- 0x220ab:$a: NanoCore
- 0x226c4:$a: NanoCore
- 0x2280d:$a: NanoCore
- 0x22ce1:$a: NanoCore
- 0x22fc8:$a: NanoCore
- 0x22fdf:$a: NanoCore
- 0x28659:$a: NanoCore
- 0x286d3:$a: NanoCore
- 0x2e678:$a: NanoCore
- 0x2e6c2:$a: NanoCore
- 0x2f31c:$a: NanoCore
|
5.2.vbc.exe.57b0000.29.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1f1db:$x1: NanoCore.ClientPluginHost
- 0x1f1f5:$x2: IClientNetworkHost
|
5.2.vbc.exe.57b0000.29.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1f1db:$x2: NanoCore.ClientPluginHost
- 0x22518:$s4: PipeCreated
- 0x1f1c8:$s5: IClientLoggingHost
|
5.2.vbc.exe.44c0000.10.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
5.2.vbc.exe.44c0000.10.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
5.2.vbc.exe.44c0000.10.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.2.vbc.exe.44c0000.10.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
5.2.vbc.exe.55d0000.22.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1deb:$x1: NanoCore.ClientPluginHost
- 0x1e24:$x2: IClientNetworkHost
|
5.2.vbc.exe.55d0000.22.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1deb:$x2: NanoCore.ClientPluginHost
- 0x1f36:$s4: PipeCreated
- 0x1e05:$s5: IClientLoggingHost
|
5.2.vbc.exe.415058.0.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
5.2.vbc.exe.415058.0.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
5.2.vbc.exe.415058.0.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.2.vbc.exe.415058.0.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
5.2.vbc.exe.55c0000.21.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x3deb:$x1: NanoCore.ClientPluginHost
- 0x3f48:$x2: IClientNetworkHost
|
5.2.vbc.exe.55c0000.21.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x3deb:$x2: NanoCore.ClientPluginHost
- 0x4d41:$s3: PipeExists
- 0x3fe1:$s4: PipeCreated
- 0x3e05:$s5: IClientLoggingHost
|
7.1.opjlpsercy.exe.415058.1.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.1.opjlpsercy.exe.415058.1.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
7.1.opjlpsercy.exe.415058.1.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.1.opjlpsercy.exe.415058.1.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
4.2.vbc.exe.1da0000.3.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1d9e5:$x1: NanoCore.ClientPluginHost
- 0x1da22:$x2: IClientNetworkHost
- 0x21555:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
4.2.vbc.exe.1da0000.3.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.vbc.exe.1da0000.3.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x1d74d:$a: NanoCore
- 0x1d75d:$a: NanoCore
- 0x1d991:$a: NanoCore
- 0x1d9a5:$a: NanoCore
- 0x1d9e5:$a: NanoCore
- 0x1d7ac:$b: ClientPlugin
- 0x1d9ae:$b: ClientPlugin
- 0x1d9ee:$b: ClientPlugin
- 0x1d8d3:$c: ProjectData
- 0x1e2da:$d: DESCrypto
- 0x25ca6:$e: KeepAlive
- 0x23c94:$g: LogClientMessage
- 0x1fe8f:$i: get_Connected
- 0x1e610:$j: #=q
- 0x1e640:$j: #=q
- 0x1e65c:$j: #=q
- 0x1e68c:$j: #=q
- 0x1e6a8:$j: #=q
- 0x1e6c4:$j: #=q
- 0x1e6f4:$j: #=q
- 0x1e710:$j: #=q
|
5.2.vbc.exe.5620000.25.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xd9ad:$x1: NanoCore.ClientPluginHost
- 0xd9da:$x2: IClientNetworkHost
|
5.2.vbc.exe.5620000.25.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xd9ad:$x2: NanoCore.ClientPluginHost
- 0xea88:$s4: PipeCreated
- 0xd9c7:$s5: IClientLoggingHost
|
5.2.vbc.exe.5620000.25.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.1.vbc.exe.415058.1.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
5.1.vbc.exe.415058.1.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
5.1.vbc.exe.415058.1.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.1.vbc.exe.415058.1.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
5.2.vbc.exe.5460000.19.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x2205:$x1: NanoCore.ClientPluginHost
- 0x223e:$x2: IClientNetworkHost
|
5.2.vbc.exe.5460000.19.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2205:$x2: NanoCore.ClientPluginHost
- 0x2320:$s4: PipeCreated
- 0x221f:$s5: IClientLoggingHost
|
4.2.vbc.exe.1db1458.4.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
4.2.vbc.exe.1db1458.4.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
4.2.vbc.exe.1db1458.4.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.vbc.exe.1db1458.4.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
5.2.vbc.exe.55c0000.21.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x59eb:$x1: NanoCore.ClientPluginHost
- 0x5b48:$x2: IClientNetworkHost
|
5.2.vbc.exe.55c0000.21.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x59eb:$x2: NanoCore.ClientPluginHost
- 0x6941:$s3: PipeExists
- 0x5be1:$s4: PipeCreated
- 0x5a05:$s5: IClientLoggingHost
|
7.2.opjlpsercy.exe.400000.0.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x215e5:$x1: NanoCore.ClientPluginHost
- 0x21622:$x2: IClientNetworkHost
- 0x25155:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.opjlpsercy.exe.400000.0.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.opjlpsercy.exe.400000.0.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x2134d:$a: NanoCore
- 0x2135d:$a: NanoCore
- 0x21591:$a: NanoCore
- 0x215a5:$a: NanoCore
- 0x215e5:$a: NanoCore
- 0x213ac:$b: ClientPlugin
- 0x215ae:$b: ClientPlugin
- 0x215ee:$b: ClientPlugin
- 0x214d3:$c: ProjectData
- 0x21eda:$d: DESCrypto
- 0x298a6:$e: KeepAlive
- 0x27894:$g: LogClientMessage
- 0x23a8f:$i: get_Connected
- 0x22210:$j: #=q
- 0x22240:$j: #=q
- 0x2225c:$j: #=q
- 0x2228c:$j: #=q
- 0x222a8:$j: #=q
- 0x222c4:$j: #=q
- 0x222f4:$j: #=q
- 0x22310:$j: #=q
|
5.2.vbc.exe.4c60000.13.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x2dbb:$x1: NanoCore.ClientPluginHost
- 0x2de5:$x2: IClientNetworkHost
|
5.2.vbc.exe.4c60000.13.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2dbb:$x2: NanoCore.ClientPluginHost
- 0x4c6b:$s4: PipeCreated
|
7.2.opjlpsercy.exe.3339f42.8.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x4bbb:$x1: NanoCore.ClientPluginHost
- 0x14dd7:$x1: NanoCore.ClientPluginHost
- 0x21f40:$x1: NanoCore.ClientPluginHost
- 0x2848e:$x1: NanoCore.ClientPluginHost
- 0x2e45f:$x1: NanoCore.ClientPluginHost
- 0x37ecb:$x1: NanoCore.ClientPluginHost
- 0x422f6:$x1: NanoCore.ClientPluginHost
- 0x4d2d3:$x1: NanoCore.ClientPluginHost
- 0x59075:$x1: NanoCore.ClientPluginHost
- 0x6e54d:$x1: NanoCore.ClientPluginHost
- 0x967af:$x1: NanoCore.ClientPluginHost
- 0xa5bef:$x1: NanoCore.ClientPluginHost
- 0xbda8b:$x1: NanoCore.ClientPluginHost
- 0xe5cd9:$x1: NanoCore.ClientPluginHost
- 0x4be5:$x2: IClientNetworkHost
- 0x14e04:$x2: IClientNetworkHost
- 0x21f79:$x2: IClientNetworkHost
- 0x284c7:$x2: IClientNetworkHost
- 0x38028:$x2: IClientNetworkHost
- 0x4232f:$x2: IClientNetworkHost
- 0x4d2ed:$x2: IClientNetworkHost
|
7.2.opjlpsercy.exe.3339f42.8.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.opjlpsercy.exe.3339f42.8.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x4b96:$a: NanoCore
- 0x4bbb:$a: NanoCore
- 0x4c14:$a: NanoCore
- 0x14db1:$a: NanoCore
- 0x14dd7:$a: NanoCore
- 0x14e33:$a: NanoCore
- 0x21c88:$a: NanoCore
- 0x21ce1:$a: NanoCore
- 0x21d14:$a: NanoCore
- 0x21f40:$a: NanoCore
- 0x21fbc:$a: NanoCore
- 0x225d5:$a: NanoCore
- 0x2271e:$a: NanoCore
- 0x22bf2:$a: NanoCore
- 0x22ed9:$a: NanoCore
- 0x22ef0:$a: NanoCore
- 0x2848e:$a: NanoCore
- 0x28508:$a: NanoCore
- 0x2d0a5:$a: NanoCore
- 0x2e45f:$a: NanoCore
- 0x2e4a9:$a: NanoCore
|
7.2.opjlpsercy.exe.4430000.10.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.opjlpsercy.exe.4430000.10.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
7.2.opjlpsercy.exe.4430000.10.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.opjlpsercy.exe.4430000.10.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
7.2.opjlpsercy.exe.400000.0.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x251e5:$x1: NanoCore.ClientPluginHost
- 0x25222:$x2: IClientNetworkHost
- 0x28d55:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.opjlpsercy.exe.400000.0.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.opjlpsercy.exe.400000.0.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x24f4d:$a: NanoCore
- 0x24f5d:$a: NanoCore
- 0x25191:$a: NanoCore
- 0x251a5:$a: NanoCore
- 0x251e5:$a: NanoCore
- 0x24fac:$b: ClientPlugin
- 0x251ae:$b: ClientPlugin
- 0x251ee:$b: ClientPlugin
- 0x250d3:$c: ProjectData
- 0x25ada:$d: DESCrypto
- 0x2d4a6:$e: KeepAlive
- 0x2b494:$g: LogClientMessage
- 0x2768f:$i: get_Connected
- 0x25e10:$j: #=q
- 0x25e40:$j: #=q
- 0x25e5c:$j: #=q
- 0x25e8c:$j: #=q
- 0x25ea8:$j: #=q
- 0x25ec4:$j: #=q
- 0x25ef4:$j: #=q
- 0x25f10:$j: #=q
|
7.2.opjlpsercy.exe.3346174.6.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x6da5:$x1: NanoCore.ClientPluginHost
- 0x6dd2:$x2: IClientNetworkHost
|
7.2.opjlpsercy.exe.3346174.6.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x6da5:$x2: NanoCore.ClientPluginHost
- 0x7d74:$s2: FileCommand
- 0xc776:$s4: PipeCreated
- 0x6dbf:$s5: IClientLoggingHost
|
5.2.vbc.exe.57e0000.31.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x5fee:$x1: NanoCore.ClientPluginHost
- 0x602b:$x2: IClientNetworkHost
|
5.2.vbc.exe.57e0000.31.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x5fee:$x2: NanoCore.ClientPluginHost
- 0x9441:$s4: PipeCreated
- 0x6018:$s5: IClientLoggingHost
|
5.2.vbc.exe.4c60000.13.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x4bbb:$x1: NanoCore.ClientPluginHost
- 0x4be5:$x2: IClientNetworkHost
|
5.2.vbc.exe.4c60000.13.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x4bbb:$x2: NanoCore.ClientPluginHost
- 0x6a6b:$s4: PipeCreated
|
5.2.vbc.exe.57b0000.29.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1d3db:$x1: NanoCore.ClientPluginHost
- 0x1d3f5:$x2: IClientNetworkHost
|
5.2.vbc.exe.57b0000.29.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1d3db:$x2: NanoCore.ClientPluginHost
- 0x20718:$s4: PipeCreated
- 0x1d3c8:$s5: IClientLoggingHost
|
5.2.vbc.exe.5070000.17.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x8ba5:$x1: NanoCore.ClientPluginHost
- 0x8bd2:$x2: IClientNetworkHost
|
5.2.vbc.exe.5070000.17.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x8ba5:$x2: NanoCore.ClientPluginHost
- 0x9b74:$s2: FileCommand
- 0xe576:$s4: PipeCreated
- 0x8bbf:$s5: IClientLoggingHost
|
7.2.opjlpsercy.exe.3173258.5.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
7.2.opjlpsercy.exe.3173258.5.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
7.2.opjlpsercy.exe.3173258.5.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
7.2.opjlpsercy.exe.3173258.5.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
5.2.vbc.exe.33c9f42.6.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x2dbb:$x1: NanoCore.ClientPluginHost
- 0x2de5:$x2: IClientNetworkHost
|
5.2.vbc.exe.33c9f42.6.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2dbb:$x2: NanoCore.ClientPluginHost
- 0x4c6b:$s4: PipeCreated
|
5.2.vbc.exe.33d6174.8.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x8ba5:$x1: NanoCore.ClientPluginHost
- 0x15d0e:$x1: NanoCore.ClientPluginHost
- 0x1c25c:$x1: NanoCore.ClientPluginHost
- 0x2222d:$x1: NanoCore.ClientPluginHost
- 0x2bc99:$x1: NanoCore.ClientPluginHost
- 0x360c4:$x1: NanoCore.ClientPluginHost
- 0x410a1:$x1: NanoCore.ClientPluginHost
- 0x4ce43:$x1: NanoCore.ClientPluginHost
- 0x6231b:$x1: NanoCore.ClientPluginHost
- 0x8a57d:$x1: NanoCore.ClientPluginHost
- 0x999bd:$x1: NanoCore.ClientPluginHost
- 0xb1859:$x1: NanoCore.ClientPluginHost
- 0xd9aa7:$x1: NanoCore.ClientPluginHost
- 0x8bd2:$x2: IClientNetworkHost
- 0x15d47:$x2: IClientNetworkHost
- 0x1c295:$x2: IClientNetworkHost
- 0x2bdf6:$x2: IClientNetworkHost
- 0x360fd:$x2: IClientNetworkHost
- 0x410bb:$x2: IClientNetworkHost
- 0x4ce5d:$x2: IClientNetworkHost
- 0x62348:$x2: IClientNetworkHost
|
5.2.vbc.exe.33d6174.8.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.2.vbc.exe.33d6174.8.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x8b7f:$a: NanoCore
- 0x8ba5:$a: NanoCore
- 0x8c01:$a: NanoCore
- 0x15a56:$a: NanoCore
- 0x15aaf:$a: NanoCore
- 0x15ae2:$a: NanoCore
- 0x15d0e:$a: NanoCore
- 0x15d8a:$a: NanoCore
- 0x163a3:$a: NanoCore
- 0x164ec:$a: NanoCore
- 0x169c0:$a: NanoCore
- 0x16ca7:$a: NanoCore
- 0x16cbe:$a: NanoCore
- 0x1c25c:$a: NanoCore
- 0x1c2d6:$a: NanoCore
- 0x20e73:$a: NanoCore
- 0x2222d:$a: NanoCore
- 0x22277:$a: NanoCore
- 0x22ed1:$a: NanoCore
- 0x2bc99:$a: NanoCore
- 0x2bd83:$a: NanoCore
|
5.1.vbc.exe.400000.0.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x215e5:$x1: NanoCore.ClientPluginHost
- 0x21622:$x2: IClientNetworkHost
- 0x25155:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
5.1.vbc.exe.400000.0.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.1.vbc.exe.400000.0.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x2134d:$a: NanoCore
- 0x2135d:$a: NanoCore
- 0x21591:$a: NanoCore
- 0x215a5:$a: NanoCore
- 0x215e5:$a: NanoCore
- 0x213ac:$b: ClientPlugin
- 0x215ae:$b: ClientPlugin
- 0x215ee:$b: ClientPlugin
- 0x214d3:$c: ProjectData
- 0x21eda:$d: DESCrypto
- 0x298a6:$e: KeepAlive
- 0x27894:$g: LogClientMessage
- 0x23a8f:$i: get_Connected
- 0x22210:$j: #=q
- 0x22240:$j: #=q
- 0x2225c:$j: #=q
- 0x2228c:$j: #=q
- 0x222a8:$j: #=q
- 0x222c4:$j: #=q
- 0x222f4:$j: #=q
- 0x22310:$j: #=q
|
5.2.vbc.exe.400000.1.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x251e5:$x1: NanoCore.ClientPluginHost
- 0x25222:$x2: IClientNetworkHost
- 0x28d55:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
5.2.vbc.exe.400000.1.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
5.2.vbc.exe.400000.1.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x24f4d:$a: NanoCore
- 0x24f5d:$a: NanoCore
- 0x25191:$a: NanoCore
- 0x251a5:$a: NanoCore
- 0x251e5:$a: NanoCore
- 0x24fac:$b: ClientPlugin
- 0x251ae:$b: ClientPlugin
- 0x251ee:$b: ClientPlugin
- 0x250d3:$c: ProjectData
- 0x25ada:$d: DESCrypto
- 0x2d4a6:$e: KeepAlive
- 0x2b494:$g: LogClientMessage
- 0x2768f:$i: get_Connected
- 0x25e10:$j: #=q
- 0x25e40:$j: #=q
- 0x25e5c:$j: #=q
- 0x25e8c:$j: #=q
- 0x25ea8:$j: #=q
- 0x25ec4:$j: #=q
- 0x25ef4:$j: #=q
- 0x25f10:$j: #=q
|
Click to see the 208 entries |