40.2.KetqqsbuJ.exe.6c50000.31.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x3d99:$x1: NanoCore.ClientPluginHost
- 0x3db3:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.6c50000.31.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x3d99:$x2: NanoCore.ClientPluginHost
- 0x4dce:$s4: PipeCreated
- 0x3d86:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.6c70000.32.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x350b:$x1: NanoCore.ClientPluginHost
- 0x3525:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.6c70000.32.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x350b:$x2: NanoCore.ClientPluginHost
- 0x52b6:$s4: PipeCreated
- 0x34f8:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.60a0000.24.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x8ba5:$x1: NanoCore.ClientPluginHost
- 0x8bd2:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.60a0000.24.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x8ba5:$x2: NanoCore.ClientPluginHost
- 0x9b74:$s2: FileCommand
- 0xe576:$s4: PipeCreated
- 0x8bbf:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.3cb81d4.6.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x10937:$x1: NanoCore.ClientPluginHost
- 0x10951:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.3cb81d4.6.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x10937:$x2: NanoCore.ClientPluginHost
- 0x13c74:$s4: PipeCreated
- 0x10924:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.5264629.19.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xb184:$x1: NanoCore.ClientPluginHost
- 0xb1b1:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.5264629.19.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xb184:$x2: NanoCore.ClientPluginHost
- 0xc25f:$s4: PipeCreated
- 0xb19e:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.5264629.19.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
40.2.KetqqsbuJ.exe.5260000.20.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xd9ad:$x1: NanoCore.ClientPluginHost
- 0xd9da:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.5260000.20.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xd9ad:$x2: NanoCore.ClientPluginHost
- 0xea88:$s4: PipeCreated
- 0xd9c7:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.5260000.20.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
22.2.images.exe.400000.2.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth | - 0x16678:$a1: \Opera Software\Opera Stable\Login Data
- 0x169a0:$a2: \Comodo\Dragon\User Data\Default\Login Data
- 0x162e8:$a3: \Google\Chrome\User Data\Default\Login Data
|
22.2.images.exe.400000.2.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
22.2.images.exe.400000.2.unpack | JoeSecurity_AveMaria | Yara detected AveMaria stealer | Joe Security | |
22.2.images.exe.400000.2.unpack | AveMaria_WarZone | unknown | unknown | - 0x18720:$str1: cmd.exe /C ping 1.2.3.4 -n 2 -w 1000 > Nul & Del /f /q
- 0x18474:$str2: MsgBox.exe
- 0x18348:$str6: Ave_Maria
- 0x179e8:$str7: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
- 0x17008:$str8: SMTP Password
- 0x162e8:$str11: \Google\Chrome\User Data\Default\Login Data
- 0x179c0:$str12: \sqlmap.dll
|
40.2.KetqqsbuJ.exe.6cc0000.36.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x5fee:$x1: NanoCore.ClientPluginHost
- 0x602b:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.6cc0000.36.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x5fee:$x2: NanoCore.ClientPluginHost
- 0x9441:$s4: PipeCreated
- 0x6018:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.5260000.20.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xf7ad:$x1: NanoCore.ClientPluginHost
- 0xf7da:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.5260000.20.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xf7ad:$x2: NanoCore.ClientPluginHost
- 0x10888:$s4: PipeCreated
- 0xf7c7:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.5260000.20.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
40.2.KetqqsbuJ.exe.3d08a28.9.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xf7ad:$x1: NanoCore.ClientPluginHost
- 0xf7da:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.3d08a28.9.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xf7ad:$x2: NanoCore.ClientPluginHost
- 0x10888:$s4: PipeCreated
- 0xf7c7:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.3d08a28.9.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
40.2.KetqqsbuJ.exe.40006e6.16.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x350b:$x1: NanoCore.ClientPluginHost
- 0x2840f:$x1: NanoCore.ClientPluginHost
- 0x3784f:$x1: NanoCore.ClientPluginHost
- 0x3525:$x2: IClientNetworkHost
- 0x28429:$x2: IClientNetworkHost
- 0x3788c:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.40006e6.16.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x350b:$x2: NanoCore.ClientPluginHost
- 0x2840f:$x2: NanoCore.ClientPluginHost
- 0x3784f:$x2: NanoCore.ClientPluginHost
- 0x52b6:$s4: PipeCreated
- 0x2b74c:$s4: PipeCreated
- 0x3aca2:$s4: PipeCreated
- 0x34f8:$s5: IClientLoggingHost
- 0x283fc:$s5: IClientLoggingHost
- 0x37879:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.3e7fc2f.13.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x170b:$x1: NanoCore.ClientPluginHost
- 0x1725:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.3e7fc2f.13.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x170b:$x2: NanoCore.ClientPluginHost
- 0x34b6:$s4: PipeCreated
- 0x16f8:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.6c30000.29.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x3deb:$x1: NanoCore.ClientPluginHost
- 0x3f48:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.6c30000.29.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x3deb:$x2: NanoCore.ClientPluginHost
- 0x4d41:$s3: PipeExists
- 0x3fe1:$s4: PipeCreated
- 0x3e05:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.2d270d0.5.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x2dbb:$x1: NanoCore.ClientPluginHost
- 0x2de5:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.2d270d0.5.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2dbb:$x2: NanoCore.ClientPluginHost
- 0x4c6b:$s4: PipeCreated
|
40.2.KetqqsbuJ.exe.3d08a28.9.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xd9ad:$x1: NanoCore.ClientPluginHost
- 0xd9da:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.3d08a28.9.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xd9ad:$x2: NanoCore.ClientPluginHost
- 0xea88:$s4: PipeCreated
- 0xd9c7:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.3d08a28.9.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
40.2.KetqqsbuJ.exe.6c00000.26.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x3f0b:$x1: NanoCore.ClientPluginHost
- 0x3f44:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.6c00000.26.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x3f0b:$x2: NanoCore.ClientPluginHost
- 0x400f:$s4: PipeCreated
- 0x3f25:$s5: IClientLoggingHost
|
7.2.Xjf4yH9N2t.exe.400000.1.raw.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth | - 0x18078:$a1: \Opera Software\Opera Stable\Login Data
- 0x183a0:$a2: \Comodo\Dragon\User Data\Default\Login Data
- 0x17ce8:$a3: \Google\Chrome\User Data\Default\Login Data
|
7.2.Xjf4yH9N2t.exe.400000.1.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
7.2.Xjf4yH9N2t.exe.400000.1.raw.unpack | JoeSecurity_AveMaria | Yara detected AveMaria stealer | Joe Security | |
7.2.Xjf4yH9N2t.exe.400000.1.raw.unpack | AveMaria_WarZone | unknown | unknown | - 0x1a120:$str1: cmd.exe /C ping 1.2.3.4 -n 2 -w 1000 > Nul & Del /f /q
- 0x19e74:$str2: MsgBox.exe
- 0x19d48:$str6: Ave_Maria
- 0x193e8:$str7: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
- 0x18a08:$str8: SMTP Password
- 0x17ce8:$str11: \Google\Chrome\User Data\Default\Login Data
- 0x193c0:$str12: \sqlmap.dll
|
40.2.KetqqsbuJ.exe.5160000.18.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.5160000.18.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.40006e6.16.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x170b:$x1: NanoCore.ClientPluginHost
- 0x1725:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.40006e6.16.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x170b:$x2: NanoCore.ClientPluginHost
- 0x34b6:$s4: PipeCreated
- 0x16f8:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.3cae5cf.7.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1a53c:$x1: NanoCore.ClientPluginHost
- 0x1a556:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.3cae5cf.7.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1a53c:$x2: NanoCore.ClientPluginHost
- 0x1d879:$s4: PipeCreated
- 0x1a529:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.6c8e8a4.34.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x10937:$x1: NanoCore.ClientPluginHost
- 0x10951:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.6c8e8a4.34.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x10937:$x2: NanoCore.ClientPluginHost
- 0x13c74:$s4: PipeCreated
- 0x10924:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.400000.0.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
40.2.KetqqsbuJ.exe.400000.0.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.400000.0.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
40.2.KetqqsbuJ.exe.400000.0.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
7.2.Xjf4yH9N2t.exe.400000.1.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth | - 0x16678:$a1: \Opera Software\Opera Stable\Login Data
- 0x169a0:$a2: \Comodo\Dragon\User Data\Default\Login Data
- 0x162e8:$a3: \Google\Chrome\User Data\Default\Login Data
|
7.2.Xjf4yH9N2t.exe.400000.1.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
7.2.Xjf4yH9N2t.exe.400000.1.unpack | JoeSecurity_AveMaria | Yara detected AveMaria stealer | Joe Security | |
7.2.Xjf4yH9N2t.exe.400000.1.unpack | AveMaria_WarZone | unknown | unknown | - 0x18720:$str1: cmd.exe /C ping 1.2.3.4 -n 2 -w 1000 > Nul & Del /f /q
- 0x18474:$str2: MsgBox.exe
- 0x18348:$str6: Ave_Maria
- 0x179e8:$str7: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
- 0x17008:$str8: SMTP Password
- 0x162e8:$str11: \Google\Chrome\User Data\Default\Login Data
- 0x179c0:$str12: \sqlmap.dll
|
40.2.KetqqsbuJ.exe.2d479bc.3.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x16e3:$x1: NanoCore.ClientPluginHost
- 0xb577:$x1: NanoCore.ClientPluginHost
- 0x134e1:$x1: NanoCore.ClientPluginHost
- 0x1d1e4:$x1: NanoCore.ClientPluginHost
- 0x26c93:$x1: NanoCore.ClientPluginHost
- 0x31103:$x1: NanoCore.ClientPluginHost
- 0x3c129:$x1: NanoCore.ClientPluginHost
- 0x47f13:$x1: NanoCore.ClientPluginHost
- 0x53cd2:$x1: NanoCore.ClientPluginHost
- 0x171c:$x2: IClientNetworkHost
- 0xb5b0:$x2: IClientNetworkHost
- 0x1351a:$x2: IClientNetworkHost
- 0x26df0:$x2: IClientNetworkHost
- 0x3113c:$x2: IClientNetworkHost
- 0x3c143:$x2: IClientNetworkHost
- 0x47f2d:$x2: IClientNetworkHost
- 0x53d0f:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.2d479bc.3.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x16e3:$x2: NanoCore.ClientPluginHost
- 0xb577:$x2: NanoCore.ClientPluginHost
- 0x134e1:$x2: NanoCore.ClientPluginHost
- 0x1d1e4:$x2: NanoCore.ClientPluginHost
- 0x26c93:$x2: NanoCore.ClientPluginHost
- 0x31103:$x2: NanoCore.ClientPluginHost
- 0x3c129:$x2: NanoCore.ClientPluginHost
- 0x47f13:$x2: NanoCore.ClientPluginHost
- 0x53cd2:$x2: NanoCore.ClientPluginHost
- 0x27be9:$s3: PipeExists
- 0x1800:$s4: PipeCreated
- 0xb67b:$s4: PipeCreated
- 0x135fc:$s4: PipeCreated
- 0x1d2c2:$s4: PipeCreated
- 0x26e89:$s4: PipeCreated
- 0x3124e:$s4: PipeCreated
- 0x3d15e:$s4: PipeCreated
- 0x49cbe:$s4: PipeCreated
- 0x57125:$s4: PipeCreated
- 0x16fd:$s5: IClientLoggingHost
- 0xb591:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.2d479bc.3.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x142b:$a: NanoCore
- 0x1484:$a: NanoCore
- 0x14b7:$a: NanoCore
- 0x16e3:$a: NanoCore
- 0x175f:$a: NanoCore
- 0x1d78:$a: NanoCore
- 0x1ec1:$a: NanoCore
- 0x2395:$a: NanoCore
- 0x267c:$a: NanoCore
- 0x2693:$a: NanoCore
- 0xb577:$a: NanoCore
- 0xb5f3:$a: NanoCore
- 0xded6:$a: NanoCore
- 0x134e1:$a: NanoCore
- 0x1355b:$a: NanoCore
- 0x1d1e4:$a: NanoCore
- 0x1d22e:$a: NanoCore
- 0x1de88:$a: NanoCore
- 0x26c93:$a: NanoCore
- 0x26d7d:$a: NanoCore
- 0x27bf4:$a: NanoCore
|
40.2.KetqqsbuJ.exe.2cf4ec4.2.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.2cf4ec4.2.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.3fe9487.14.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x39eb:$x1: NanoCore.ClientPluginHost
- 0xe9c8:$x1: NanoCore.ClientPluginHost
- 0x1a76a:$x1: NanoCore.ClientPluginHost
- 0x3f66e:$x1: NanoCore.ClientPluginHost
- 0x4eaae:$x1: NanoCore.ClientPluginHost
- 0x3a24:$x2: IClientNetworkHost
- 0xe9e2:$x2: IClientNetworkHost
- 0x1a784:$x2: IClientNetworkHost
- 0x3f688:$x2: IClientNetworkHost
- 0x4eaeb:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.3fe9487.14.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x39eb:$x2: NanoCore.ClientPluginHost
- 0xe9c8:$x2: NanoCore.ClientPluginHost
- 0x1a76a:$x2: NanoCore.ClientPluginHost
- 0x3f66e:$x2: NanoCore.ClientPluginHost
- 0x4eaae:$x2: NanoCore.ClientPluginHost
- 0x3b36:$s4: PipeCreated
- 0xf9fd:$s4: PipeCreated
- 0x1c515:$s4: PipeCreated
- 0x429ab:$s4: PipeCreated
- 0x51f01:$s4: PipeCreated
- 0x3a05:$s5: IClientLoggingHost
- 0xe9b5:$s5: IClientLoggingHost
- 0x1a757:$s5: IClientLoggingHost
- 0x3f65b:$s5: IClientLoggingHost
- 0x4ead8:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.3fe9487.14.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x36cb:$a: NanoCore
- 0x372c:$a: NanoCore
- 0x376f:$a: NanoCore
- 0x37af:$a: NanoCore
- 0x39eb:$a: NanoCore
- 0x3a8b:$a: NanoCore
- 0x4263:$a: NanoCore
- 0x4856:$a: NanoCore
- 0x49a7:$a: NanoCore
- 0x5801:$a: NanoCore
- 0x5a68:$a: NanoCore
- 0x5a7d:$a: NanoCore
- 0x5a9c:$a: NanoCore
- 0xe99f:$a: NanoCore
- 0xe9c8:$a: NanoCore
- 0x1a741:$a: NanoCore
- 0x1a76a:$a: NanoCore
- 0x3f62d:$a: NanoCore
- 0x3f645:$a: NanoCore
- 0x3f66e:$a: NanoCore
- 0x4ea71:$a: NanoCore
|
40.2.KetqqsbuJ.exe.3ca9930.8.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1f1db:$x1: NanoCore.ClientPluginHost
- 0x1f1f5:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.3ca9930.8.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1f1db:$x2: NanoCore.ClientPluginHost
- 0x22518:$s4: PipeCreated
- 0x1f1c8:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.3ff22b6.15.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x3d99:$x1: NanoCore.ClientPluginHost
- 0xcd3b:$x1: NanoCore.ClientPluginHost
- 0x3db3:$x2: IClientNetworkHost
- 0xcd55:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.3ff22b6.15.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x3d99:$x2: NanoCore.ClientPluginHost
- 0xcd3b:$x2: NanoCore.ClientPluginHost
- 0x4dce:$s4: PipeCreated
- 0x3d86:$s5: IClientLoggingHost
- 0xcd28:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.5280000.21.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x4bbb:$x1: NanoCore.ClientPluginHost
- 0x4be5:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.5280000.21.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x4bbb:$x2: NanoCore.ClientPluginHost
- 0x6a6b:$s4: PipeCreated
|
40.2.KetqqsbuJ.exe.6c20000.28.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x13a8:$x1: NanoCore.ClientPluginHost
|
40.2.KetqqsbuJ.exe.6c20000.28.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x13a8:$x2: NanoCore.ClientPluginHost
- 0x1486:$s4: PipeCreated
- 0x13c2:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.6c84c9f.33.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1a53c:$x1: NanoCore.ClientPluginHost
- 0x1a556:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.6c84c9f.33.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1a53c:$x2: NanoCore.ClientPluginHost
- 0x1d879:$s4: PipeCreated
- 0x1a529:$s5: IClientLoggingHost
|
22.2.images.exe.400000.2.raw.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth | - 0x18078:$a1: \Opera Software\Opera Stable\Login Data
- 0x183a0:$a2: \Comodo\Dragon\User Data\Default\Login Data
- 0x17ce8:$a3: \Google\Chrome\User Data\Default\Login Data
|
22.2.images.exe.400000.2.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
22.2.images.exe.400000.2.raw.unpack | JoeSecurity_AveMaria | Yara detected AveMaria stealer | Joe Security | |
22.2.images.exe.400000.2.raw.unpack | AveMaria_WarZone | unknown | unknown | - 0x1a120:$str1: cmd.exe /C ping 1.2.3.4 -n 2 -w 1000 > Nul & Del /f /q
- 0x19e74:$str2: MsgBox.exe
- 0x19d48:$str6: Ave_Maria
- 0x193e8:$str7: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
- 0x18a08:$str8: SMTP Password
- 0x17ce8:$str11: \Google\Chrome\User Data\Default\Login Data
- 0x193c0:$str12: \sqlmap.dll
|
40.2.KetqqsbuJ.exe.6c70000.32.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x170b:$x1: NanoCore.ClientPluginHost
- 0x1725:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.6c70000.32.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x170b:$x2: NanoCore.ClientPluginHost
- 0x34b6:$s4: PipeCreated
- 0x16f8:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.6c40000.30.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1deb:$x1: NanoCore.ClientPluginHost
- 0x1e24:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.6c40000.30.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1deb:$x2: NanoCore.ClientPluginHost
- 0x1f36:$s4: PipeCreated
- 0x1e05:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.6ab0000.25.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x16e3:$x1: NanoCore.ClientPluginHost
- 0x171c:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.6ab0000.25.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x16e3:$x2: NanoCore.ClientPluginHost
- 0x1800:$s4: PipeCreated
- 0x16fd:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.60a0000.24.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x6da5:$x1: NanoCore.ClientPluginHost
- 0x6dd2:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.60a0000.24.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x6da5:$x2: NanoCore.ClientPluginHost
- 0x7d74:$s2: FileCommand
- 0xc776:$s4: PipeCreated
- 0x6dbf:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.6c40000.30.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x39eb:$x1: NanoCore.ClientPluginHost
- 0x3a24:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.6c40000.30.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x39eb:$x2: NanoCore.ClientPluginHost
- 0x3b36:$s4: PipeCreated
- 0x3a05:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.6c50000.31.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x5b99:$x1: NanoCore.ClientPluginHost
- 0x5bb3:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.6c50000.31.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x5b99:$x2: NanoCore.ClientPluginHost
- 0x6bce:$s4: PipeCreated
- 0x5b86:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.3ff22b6.15.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x5b99:$x1: NanoCore.ClientPluginHost
- 0x1193b:$x1: NanoCore.ClientPluginHost
- 0x3683f:$x1: NanoCore.ClientPluginHost
- 0x45c7f:$x1: NanoCore.ClientPluginHost
- 0x5bb3:$x2: IClientNetworkHost
- 0x11955:$x2: IClientNetworkHost
- 0x36859:$x2: IClientNetworkHost
- 0x45cbc:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.3ff22b6.15.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x5b99:$x2: NanoCore.ClientPluginHost
- 0x1193b:$x2: NanoCore.ClientPluginHost
- 0x3683f:$x2: NanoCore.ClientPluginHost
- 0x45c7f:$x2: NanoCore.ClientPluginHost
- 0x6bce:$s4: PipeCreated
- 0x136e6:$s4: PipeCreated
- 0x39b7c:$s4: PipeCreated
- 0x490d2:$s4: PipeCreated
- 0x5b86:$s5: IClientLoggingHost
- 0x11928:$s5: IClientLoggingHost
- 0x3682c:$s5: IClientLoggingHost
- 0x45ca9:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.3e8db04.11.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
40.2.KetqqsbuJ.exe.3e8db04.11.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x1a4fb:$a: NanoCore
- 0x1a513:$a: NanoCore
- 0x1a53c:$a: NanoCore
- 0x29941:$a: NanoCore
- 0x29959:$a: NanoCore
- 0x2997e:$a: NanoCore
- 0x32b9d:$a: NanoCore
- 0x32bf6:$a: NanoCore
- 0x32c33:$a: NanoCore
- 0x32cac:$a: NanoCore
- 0x46357:$a: NanoCore
- 0x4636c:$a: NanoCore
- 0x463a1:$a: NanoCore
- 0x53fb6:$a: NanoCore
- 0x53fdb:$a: NanoCore
- 0x54034:$a: NanoCore
- 0x641d1:$a: NanoCore
- 0x641f7:$a: NanoCore
- 0x64253:$a: NanoCore
- 0x710a8:$a: NanoCore
- 0x71101:$a: NanoCore
|
40.2.KetqqsbuJ.exe.3e88e65.12.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1d3db:$x1: NanoCore.ClientPluginHost
- 0x1d3f5:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.3e88e65.12.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1d3db:$x2: NanoCore.ClientPluginHost
- 0x20718:$s4: PipeCreated
- 0x1d3c8:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.6c10000.27.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x605:$x1: NanoCore.ClientPluginHost
- 0x63e:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.6c10000.27.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x605:$x2: NanoCore.ClientPluginHost
- 0x720:$s4: PipeCreated
- 0x61f:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.3ca9930.8.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1d3db:$x1: NanoCore.ClientPluginHost
- 0x1d3f5:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.3ca9930.8.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1d3db:$x2: NanoCore.ClientPluginHost
- 0x20718:$s4: PipeCreated
- 0x1d3c8:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.6c10000.27.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x2205:$x1: NanoCore.ClientPluginHost
- 0x223e:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.6c10000.27.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2205:$x2: NanoCore.ClientPluginHost
- 0x2320:$s4: PipeCreated
- 0x221f:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.6cc0000.36.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x41ee:$x1: NanoCore.ClientPluginHost
- 0x422b:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.6cc0000.36.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x41ee:$x2: NanoCore.ClientPluginHost
- 0x7641:$s4: PipeCreated
- 0x4218:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.2d3334c.4.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x8ba5:$x1: NanoCore.ClientPluginHost
- 0x15d53:$x1: NanoCore.ClientPluginHost
- 0x1fbe7:$x1: NanoCore.ClientPluginHost
- 0x27b51:$x1: NanoCore.ClientPluginHost
- 0x31854:$x1: NanoCore.ClientPluginHost
- 0x3b303:$x1: NanoCore.ClientPluginHost
- 0x45773:$x1: NanoCore.ClientPluginHost
- 0x50799:$x1: NanoCore.ClientPluginHost
- 0x5c583:$x1: NanoCore.ClientPluginHost
- 0x68342:$x1: NanoCore.ClientPluginHost
- 0x8bd2:$x2: IClientNetworkHost
- 0x15d8c:$x2: IClientNetworkHost
- 0x1fc20:$x2: IClientNetworkHost
- 0x27b8a:$x2: IClientNetworkHost
- 0x3b460:$x2: IClientNetworkHost
- 0x457ac:$x2: IClientNetworkHost
- 0x507b3:$x2: IClientNetworkHost
- 0x5c59d:$x2: IClientNetworkHost
- 0x6837f:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.2d3334c.4.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x8ba5:$x2: NanoCore.ClientPluginHost
- 0x15d53:$x2: NanoCore.ClientPluginHost
- 0x1fbe7:$x2: NanoCore.ClientPluginHost
- 0x27b51:$x2: NanoCore.ClientPluginHost
- 0x31854:$x2: NanoCore.ClientPluginHost
- 0x3b303:$x2: NanoCore.ClientPluginHost
- 0x45773:$x2: NanoCore.ClientPluginHost
- 0x50799:$x2: NanoCore.ClientPluginHost
- 0x5c583:$x2: NanoCore.ClientPluginHost
- 0x68342:$x2: NanoCore.ClientPluginHost
- 0x9b74:$s2: FileCommand
- 0x3c259:$s3: PipeExists
- 0xe576:$s4: PipeCreated
- 0x15e70:$s4: PipeCreated
- 0x1fceb:$s4: PipeCreated
- 0x27c6c:$s4: PipeCreated
- 0x31932:$s4: PipeCreated
- 0x3b4f9:$s4: PipeCreated
- 0x458be:$s4: PipeCreated
- 0x517ce:$s4: PipeCreated
- 0x5e32e:$s4: PipeCreated
|
40.2.KetqqsbuJ.exe.2d3334c.4.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x8b7f:$a: NanoCore
- 0x8ba5:$a: NanoCore
- 0x8c01:$a: NanoCore
- 0x15a9b:$a: NanoCore
- 0x15af4:$a: NanoCore
- 0x15b27:$a: NanoCore
- 0x15d53:$a: NanoCore
- 0x15dcf:$a: NanoCore
- 0x163e8:$a: NanoCore
- 0x16531:$a: NanoCore
- 0x16a05:$a: NanoCore
- 0x16cec:$a: NanoCore
- 0x16d03:$a: NanoCore
- 0x1fbe7:$a: NanoCore
- 0x1fc63:$a: NanoCore
- 0x22546:$a: NanoCore
- 0x27b51:$a: NanoCore
- 0x27bcb:$a: NanoCore
- 0x31854:$a: NanoCore
- 0x3189e:$a: NanoCore
- 0x324f8:$a: NanoCore
|
40.2.KetqqsbuJ.exe.6c00000.26.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x5b0b:$x1: NanoCore.ClientPluginHost
- 0x5b44:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.6c00000.26.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x5b0b:$x2: NanoCore.ClientPluginHost
- 0x5c0f:$s4: PipeCreated
- 0x5b25:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.6c80000.35.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1f1db:$x1: NanoCore.ClientPluginHost
- 0x1f1f5:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.6c80000.35.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1f1db:$x2: NanoCore.ClientPluginHost
- 0x22518:$s4: PipeCreated
- 0x1f1c8:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.2d3334c.4.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x6da5:$x1: NanoCore.ClientPluginHost
- 0x6dd2:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.2d3334c.4.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x6da5:$x2: NanoCore.ClientPluginHost
- 0x7d74:$s2: FileCommand
- 0xc776:$s4: PipeCreated
- 0x6dbf:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.6c30000.29.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x59eb:$x1: NanoCore.ClientPluginHost
- 0x5b48:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.6c30000.29.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x59eb:$x2: NanoCore.ClientPluginHost
- 0x6941:$s3: PipeExists
- 0x5be1:$s4: PipeCreated
- 0x5a05:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.3fe9487.14.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1deb:$x1: NanoCore.ClientPluginHost
- 0x1e24:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.3fe9487.14.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1deb:$x2: NanoCore.ClientPluginHost
- 0x1f36:$s4: PipeCreated
- 0x1e05:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.6c80000.35.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1d3db:$x1: NanoCore.ClientPluginHost
- 0x1d3f5:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.6c80000.35.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1d3db:$x2: NanoCore.ClientPluginHost
- 0x20718:$s4: PipeCreated
- 0x1d3c8:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.5280000.21.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x2dbb:$x1: NanoCore.ClientPluginHost
- 0x2de5:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.5280000.21.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2dbb:$x2: NanoCore.ClientPluginHost
- 0x4c6b:$s4: PipeCreated
|
40.2.KetqqsbuJ.exe.3d0d051.10.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xb184:$x1: NanoCore.ClientPluginHost
- 0xb1b1:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.3d0d051.10.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xb184:$x2: NanoCore.ClientPluginHost
- 0xc25f:$s4: PipeCreated
- 0xb19e:$s5: IClientLoggingHost
|
40.2.KetqqsbuJ.exe.3d0d051.10.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
40.2.KetqqsbuJ.exe.2d270d0.5.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x4bbb:$x1: NanoCore.ClientPluginHost
- 0x14e21:$x1: NanoCore.ClientPluginHost
- 0x21fcf:$x1: NanoCore.ClientPluginHost
- 0x2be63:$x1: NanoCore.ClientPluginHost
- 0x33dcd:$x1: NanoCore.ClientPluginHost
- 0x3dad0:$x1: NanoCore.ClientPluginHost
- 0x4757f:$x1: NanoCore.ClientPluginHost
- 0x519ef:$x1: NanoCore.ClientPluginHost
- 0x5ca15:$x1: NanoCore.ClientPluginHost
- 0x687ff:$x1: NanoCore.ClientPluginHost
- 0x745be:$x1: NanoCore.ClientPluginHost
- 0x4be5:$x2: IClientNetworkHost
- 0x14e4e:$x2: IClientNetworkHost
- 0x22008:$x2: IClientNetworkHost
- 0x2be9c:$x2: IClientNetworkHost
- 0x33e06:$x2: IClientNetworkHost
- 0x476dc:$x2: IClientNetworkHost
- 0x51a28:$x2: IClientNetworkHost
- 0x5ca2f:$x2: IClientNetworkHost
- 0x68819:$x2: IClientNetworkHost
- 0x745fb:$x2: IClientNetworkHost
|
40.2.KetqqsbuJ.exe.2d270d0.5.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x4bbb:$x2: NanoCore.ClientPluginHost
- 0x14e21:$x2: NanoCore.ClientPluginHost
- 0x21fcf:$x2: NanoCore.ClientPluginHost
- 0x2be63:$x2: NanoCore.ClientPluginHost
- 0x33dcd:$x2: NanoCore.ClientPluginHost
- 0x3dad0:$x2: NanoCore.ClientPluginHost
- 0x4757f:$x2: NanoCore.ClientPluginHost
- 0x519ef:$x2: NanoCore.ClientPluginHost
- 0x5ca15:$x2: NanoCore.ClientPluginHost
- 0x687ff:$x2: NanoCore.ClientPluginHost
- 0x745be:$x2: NanoCore.ClientPluginHost
- 0x15df0:$s2: FileCommand
- 0x484d5:$s3: PipeExists
- 0x6a6b:$s4: PipeCreated
- 0x1a7f2:$s4: PipeCreated
- 0x220ec:$s4: PipeCreated
- 0x2bf67:$s4: PipeCreated
- 0x33ee8:$s4: PipeCreated
- 0x3dbae:$s4: PipeCreated
- 0x47775:$s4: PipeCreated
- 0x51b3a:$s4: PipeCreated
|
40.2.KetqqsbuJ.exe.2d270d0.5.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x4b96:$a: NanoCore
- 0x4bbb:$a: NanoCore
- 0x4c14:$a: NanoCore
- 0x14dfb:$a: NanoCore
- 0x14e21:$a: NanoCore
- 0x14e7d:$a: NanoCore
- 0x21d17:$a: NanoCore
- 0x21d70:$a: NanoCore
- 0x21da3:$a: NanoCore
- 0x21fcf:$a: NanoCore
- 0x2204b:$a: NanoCore
- 0x22664:$a: NanoCore
- 0x227ad:$a: NanoCore
- 0x22c81:$a: NanoCore
- 0x22f68:$a: NanoCore
- 0x22f7f:$a: NanoCore
- 0x2be63:$a: NanoCore
- 0x2bedf:$a: NanoCore
- 0x2e7c2:$a: NanoCore
- 0x33dcd:$a: NanoCore
- 0x33e47:$a: NanoCore
|
40.2.KetqqsbuJ.exe.3e7fc2f.13.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
40.2.KetqqsbuJ.exe.3e7fc2f.13.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x34e2:$a: NanoCore
- 0x350b:$a: NanoCore
- 0x283d0:$a: NanoCore
- 0x283e8:$a: NanoCore
- 0x28411:$a: NanoCore
- 0x37816:$a: NanoCore
- 0x3782e:$a: NanoCore
- 0x37853:$a: NanoCore
- 0x40a72:$a: NanoCore
- 0x40acb:$a: NanoCore
- 0x40b08:$a: NanoCore
- 0x40b81:$a: NanoCore
- 0x5422c:$a: NanoCore
- 0x54241:$a: NanoCore
- 0x54276:$a: NanoCore
- 0x61e8b:$a: NanoCore
- 0x61eb0:$a: NanoCore
- 0x61f09:$a: NanoCore
- 0x720a6:$a: NanoCore
- 0x720cc:$a: NanoCore
- 0x72128:$a: NanoCore
|
40.2.KetqqsbuJ.exe.3e88e65.12.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
40.2.KetqqsbuJ.exe.3e88e65.12.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x1f19a:$a: NanoCore
- 0x1f1b2:$a: NanoCore
- 0x1f1db:$a: NanoCore
- 0x2e5e0:$a: NanoCore
- 0x2e5f8:$a: NanoCore
- 0x2e61d:$a: NanoCore
- 0x3783c:$a: NanoCore
- 0x37895:$a: NanoCore
- 0x378d2:$a: NanoCore
- 0x3794b:$a: NanoCore
- 0x4aff6:$a: NanoCore
- 0x4b00b:$a: NanoCore
- 0x4b040:$a: NanoCore
- 0x58c55:$a: NanoCore
- 0x58c7a:$a: NanoCore
- 0x58cd3:$a: NanoCore
- 0x68e70:$a: NanoCore
- 0x68e96:$a: NanoCore
- 0x68ef2:$a: NanoCore
- 0x75d47:$a: NanoCore
- 0x75da0:$a: NanoCore
|