16.2.smtpsvc.exe.2564e04.2.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
|
16.2.smtpsvc.exe.2564e04.2.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
|
16.2.smtpsvc.exe.358b34e.4.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0x145e3:$x1: NanoCore.ClientPluginHost
- 0x2d5bf:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
- 0x14610:$x2: IClientNetworkHost
- 0x2d5ec:$x2: IClientNetworkHost
|
16.2.smtpsvc.exe.358b34e.4.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x145e3:$x2: NanoCore.ClientPluginHost
- 0x2d5bf:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0x156be:$s4: PipeCreated
- 0x2e69a:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
- 0x145fd:$s5: IClientLoggingHost
- 0x2d5d9:$s5: IClientLoggingHost
|
16.2.smtpsvc.exe.358b34e.4.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
16.2.smtpsvc.exe.358b34e.4.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xddf:$a: NanoCore
- 0xe38:$a: NanoCore
- 0xe75:$a: NanoCore
- 0xeee:$a: NanoCore
- 0x14599:$a: NanoCore
- 0x145ae:$a: NanoCore
- 0x145e3:$a: NanoCore
- 0x2d575:$a: NanoCore
- 0x2d58a:$a: NanoCore
- 0x2d5bf:$a: NanoCore
- 0xe41:$b: ClientPlugin
- 0xe7e:$b: ClientPlugin
- 0x177c:$b: ClientPlugin
- 0x1789:$b: ClientPlugin
- 0x14355:$b: ClientPlugin
- 0x14370:$b: ClientPlugin
- 0x143a0:$b: ClientPlugin
- 0x145b7:$b: ClientPlugin
- 0x145ec:$b: ClientPlugin
- 0x2d331:$b: ClientPlugin
- 0x2d34c:$b: ClientPlugin
|
4.2.ALP.exe.376af3e.32.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x170b:$x1: NanoCore.ClientPluginHost
- 0x1725:$x2: IClientNetworkHost
|
4.2.ALP.exe.376af3e.32.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x170b:$x2: NanoCore.ClientPluginHost
- 0x34b6:$s4: PipeCreated
- 0x16f8:$s5: IClientLoggingHost
|
4.2.ALP.exe.376af3e.32.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x350b:$x1: NanoCore.ClientPluginHost
- 0x2840f:$x1: NanoCore.ClientPluginHost
- 0x3784f:$x1: NanoCore.ClientPluginHost
- 0x3525:$x2: IClientNetworkHost
- 0x28429:$x2: IClientNetworkHost
- 0x3788c:$x2: IClientNetworkHost
|
4.2.ALP.exe.376af3e.32.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x350b:$x2: NanoCore.ClientPluginHost
- 0x2840f:$x2: NanoCore.ClientPluginHost
- 0x3784f:$x2: NanoCore.ClientPluginHost
- 0x52b6:$s4: PipeCreated
- 0x2b74c:$s4: PipeCreated
- 0x3aca2:$s4: PipeCreated
- 0x34f8:$s5: IClientLoggingHost
- 0x283fc:$s5: IClientLoggingHost
- 0x37879:$s5: IClientLoggingHost
|
4.2.ALP.exe.3601ae8.28.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1d3db:$x1: NanoCore.ClientPluginHost
- 0x1d3f5:$x2: IClientNetworkHost
|
4.2.ALP.exe.3601ae8.28.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1d3db:$x2: NanoCore.ClientPluginHost
- 0x20718:$s4: PipeCreated
- 0x1d3c8:$s5: IClientLoggingHost
|
4.2.ALP.exe.8a0000.11.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x3deb:$x1: NanoCore.ClientPluginHost
- 0x3f48:$x2: IClientNetworkHost
|
4.2.ALP.exe.8a0000.11.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x3deb:$x2: NanoCore.ClientPluginHost
- 0x4d41:$s3: PipeExists
- 0x3fe1:$s4: PipeCreated
- 0x3e05:$s5: IClientLoggingHost
|
4.2.ALP.exe.21d0000.16.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x5fee:$x1: NanoCore.ClientPluginHost
- 0x602b:$x2: IClientNetworkHost
|
4.2.ALP.exe.21d0000.16.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x5fee:$x2: NanoCore.ClientPluginHost
- 0x9441:$s4: PipeCreated
- 0x6018:$s5: IClientLoggingHost
|
4.2.ALP.exe.3753cdf.31.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1deb:$x1: NanoCore.ClientPluginHost
- 0x1e24:$x2: IClientNetworkHost
|
4.2.ALP.exe.3753cdf.31.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1deb:$x2: NanoCore.ClientPluginHost
- 0x1f36:$s4: PipeCreated
- 0x1e05:$s5: IClientLoggingHost
|
4.2.ALP.exe.400000.0.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
4.2.ALP.exe.400000.0.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
4.2.ALP.exe.400000.0.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.ALP.exe.400000.0.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
4.2.ALP.exe.230e8a4.17.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x10937:$x1: NanoCore.ClientPluginHost
- 0x10951:$x2: IClientNetworkHost
|
4.2.ALP.exe.230e8a4.17.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x10937:$x2: NanoCore.ClientPluginHost
- 0x13c74:$s4: PipeCreated
- 0x10924:$s5: IClientLoggingHost
|
14.2.ALP.exe.3320184.4.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xd9ad:$x1: NanoCore.ClientPluginHost
- 0xd9da:$x2: IClientNetworkHost
|
14.2.ALP.exe.3320184.4.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xd9ad:$x2: NanoCore.ClientPluginHost
- 0xea88:$s4: PipeCreated
- 0xd9c7:$s5: IClientLoggingHost
|
14.2.ALP.exe.3320184.4.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.ALP.exe.790000.6.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x6da5:$x1: NanoCore.ClientPluginHost
- 0x6dd2:$x2: IClientNetworkHost
|
4.2.ALP.exe.790000.6.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x6da5:$x2: NanoCore.ClientPluginHost
- 0x7d74:$s2: FileCommand
- 0xc776:$s4: PipeCreated
- 0x6dbf:$s5: IClientLoggingHost
|
17.2.smtpsvc.exe.327b34e.4.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0x145e3:$x1: NanoCore.ClientPluginHost
- 0x2d5bf:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
- 0x14610:$x2: IClientNetworkHost
- 0x2d5ec:$x2: IClientNetworkHost
|
17.2.smtpsvc.exe.327b34e.4.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x145e3:$x2: NanoCore.ClientPluginHost
- 0x2d5bf:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0x156be:$s4: PipeCreated
- 0x2e69a:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
- 0x145fd:$s5: IClientLoggingHost
- 0x2d5d9:$s5: IClientLoggingHost
|
17.2.smtpsvc.exe.327b34e.4.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
17.2.smtpsvc.exe.327b34e.4.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xddf:$a: NanoCore
- 0xe38:$a: NanoCore
- 0xe75:$a: NanoCore
- 0xeee:$a: NanoCore
- 0x14599:$a: NanoCore
- 0x145ae:$a: NanoCore
- 0x145e3:$a: NanoCore
- 0x2d575:$a: NanoCore
- 0x2d58a:$a: NanoCore
- 0x2d5bf:$a: NanoCore
- 0xe41:$b: ClientPlugin
- 0xe7e:$b: ClientPlugin
- 0x177c:$b: ClientPlugin
- 0x1789:$b: ClientPlugin
- 0x14355:$b: ClientPlugin
- 0x14370:$b: ClientPlugin
- 0x143a0:$b: ClientPlugin
- 0x145b7:$b: ClientPlugin
- 0x145ec:$b: ClientPlugin
- 0x2d331:$b: ClientPlugin
- 0x2d34c:$b: ClientPlugin
|
4.2.ALP.exe.470000.1.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
|
4.2.ALP.exe.470000.1.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
|
16.2.smtpsvc.exe.3590184.3.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xd9ad:$x1: NanoCore.ClientPluginHost
- 0xd9da:$x2: IClientNetworkHost
|
16.2.smtpsvc.exe.3590184.3.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xd9ad:$x2: NanoCore.ClientPluginHost
- 0xea88:$s4: PipeCreated
- 0xd9c7:$s5: IClientLoggingHost
|
16.2.smtpsvc.exe.3590184.3.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
10.2.ALP.exe.3318cc8.6.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
10.2.ALP.exe.3318cc8.6.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
10.2.ALP.exe.3318cc8.6.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
10.2.ALP.exe.3318cc8.6.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
4.2.ALP.exe.820000.8.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x3f0b:$x1: NanoCore.ClientPluginHost
- 0x3f44:$x2: IClientNetworkHost
|
4.2.ALP.exe.820000.8.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x3f0b:$x2: NanoCore.ClientPluginHost
- 0x400f:$s4: PipeCreated
- 0x3f25:$s5: IClientLoggingHost
|
4.2.ALP.exe.3753cdf.31.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x39eb:$x1: NanoCore.ClientPluginHost
- 0xe9c8:$x1: NanoCore.ClientPluginHost
- 0x1a76a:$x1: NanoCore.ClientPluginHost
- 0x3f66e:$x1: NanoCore.ClientPluginHost
- 0x4eaae:$x1: NanoCore.ClientPluginHost
- 0x3a24:$x2: IClientNetworkHost
- 0xe9e2:$x2: IClientNetworkHost
- 0x1a784:$x2: IClientNetworkHost
- 0x3f688:$x2: IClientNetworkHost
- 0x4eaeb:$x2: IClientNetworkHost
|
4.2.ALP.exe.3753cdf.31.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x39eb:$x2: NanoCore.ClientPluginHost
- 0xe9c8:$x2: NanoCore.ClientPluginHost
- 0x1a76a:$x2: NanoCore.ClientPluginHost
- 0x3f66e:$x2: NanoCore.ClientPluginHost
- 0x4eaae:$x2: NanoCore.ClientPluginHost
- 0x3b36:$s4: PipeCreated
- 0xf9fd:$s4: PipeCreated
- 0x1c515:$s4: PipeCreated
- 0x429ab:$s4: PipeCreated
- 0x51f01:$s4: PipeCreated
- 0x3a05:$s5: IClientLoggingHost
- 0xe9b5:$s5: IClientLoggingHost
- 0x1a757:$s5: IClientLoggingHost
- 0x3f65b:$s5: IClientLoggingHost
- 0x4ead8:$s5: IClientLoggingHost
|
4.2.ALP.exe.3753cdf.31.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x36cb:$a: NanoCore
- 0x372c:$a: NanoCore
- 0x376f:$a: NanoCore
- 0x37af:$a: NanoCore
- 0x39eb:$a: NanoCore
- 0x3a8b:$a: NanoCore
- 0x4263:$a: NanoCore
- 0x4856:$a: NanoCore
- 0x49a7:$a: NanoCore
- 0x5801:$a: NanoCore
- 0x5a68:$a: NanoCore
- 0x5a7d:$a: NanoCore
- 0x5a9c:$a: NanoCore
- 0xe99f:$a: NanoCore
- 0xe9c8:$a: NanoCore
- 0x1a741:$a: NanoCore
- 0x1a76a:$a: NanoCore
- 0x3f62d:$a: NanoCore
- 0x3f645:$a: NanoCore
- 0x3f66e:$a: NanoCore
- 0x4ea71:$a: NanoCore
|
14.2.ALP.exe.33247ad.5.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xb184:$x1: NanoCore.ClientPluginHost
- 0x24160:$x1: NanoCore.ClientPluginHost
- 0xb1b1:$x2: IClientNetworkHost
- 0x2418d:$x2: IClientNetworkHost
|
14.2.ALP.exe.33247ad.5.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xb184:$x2: NanoCore.ClientPluginHost
- 0x24160:$x2: NanoCore.ClientPluginHost
- 0xc25f:$s4: PipeCreated
- 0x2523b:$s4: PipeCreated
- 0xb19e:$s5: IClientLoggingHost
- 0x2417a:$s5: IClientLoggingHost
|
14.2.ALP.exe.33247ad.5.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
3.2.ALP.exe.34f8cc8.6.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
3.2.ALP.exe.34f8cc8.6.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
3.2.ALP.exe.34f8cc8.6.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
3.2.ALP.exe.34f8cc8.6.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
4.2.ALP.exe.24b88bc.22.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x6da5:$x1: NanoCore.ClientPluginHost
- 0x6dd2:$x2: IClientNetworkHost
|
4.2.ALP.exe.24b88bc.22.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x6da5:$x2: NanoCore.ClientPluginHost
- 0x7d74:$s2: FileCommand
- 0xc776:$s4: PipeCreated
- 0x6dbf:$s5: IClientLoggingHost
|
4.2.ALP.exe.3601ae8.28.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1f1db:$x1: NanoCore.ClientPluginHost
- 0x1f1f5:$x2: IClientNetworkHost
|
4.2.ALP.exe.3601ae8.28.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1f1db:$x2: NanoCore.ClientPluginHost
- 0x22518:$s4: PipeCreated
- 0x1f1c8:$s5: IClientLoggingHost
|
4.2.ALP.exe.7c0000.7.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x16e3:$x1: NanoCore.ClientPluginHost
- 0x171c:$x2: IClientNetworkHost
|
4.2.ALP.exe.7c0000.7.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x16e3:$x2: NanoCore.ClientPluginHost
- 0x1800:$s4: PipeCreated
- 0x16fd:$s5: IClientLoggingHost
|
17.2.smtpsvc.exe.400000.0.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
17.2.smtpsvc.exe.400000.0.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
17.2.smtpsvc.exe.400000.0.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
17.2.smtpsvc.exe.400000.0.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
4.2.ALP.exe.8b0000.12.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1deb:$x1: NanoCore.ClientPluginHost
- 0x1e24:$x2: IClientNetworkHost
|
4.2.ALP.exe.8b0000.12.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1deb:$x2: NanoCore.ClientPluginHost
- 0x1f36:$s4: PipeCreated
- 0x1e05:$s5: IClientLoggingHost
|
4.2.ALP.exe.2304c9f.18.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1a53c:$x1: NanoCore.ClientPluginHost
- 0x1a556:$x2: IClientNetworkHost
|
4.2.ALP.exe.2304c9f.18.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1a53c:$x2: NanoCore.ClientPluginHost
- 0x1d879:$s4: PipeCreated
- 0x1a529:$s5: IClientLoggingHost
|
4.2.ALP.exe.24ac674.23.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x4bbb:$x1: NanoCore.ClientPluginHost
- 0x14ded:$x1: NanoCore.ClientPluginHost
- 0x21f67:$x1: NanoCore.ClientPluginHost
- 0x2bdc7:$x1: NanoCore.ClientPluginHost
- 0x33cfd:$x1: NanoCore.ClientPluginHost
- 0x39ce0:$x1: NanoCore.ClientPluginHost
- 0x4375b:$x1: NanoCore.ClientPluginHost
- 0x4dc17:$x1: NanoCore.ClientPluginHost
- 0x58c09:$x1: NanoCore.ClientPluginHost
- 0x649bf:$x1: NanoCore.ClientPluginHost
- 0x70716:$x1: NanoCore.ClientPluginHost
- 0x4be5:$x2: IClientNetworkHost
- 0x14e1a:$x2: IClientNetworkHost
- 0x21fa0:$x2: IClientNetworkHost
- 0x2be00:$x2: IClientNetworkHost
- 0x33d36:$x2: IClientNetworkHost
- 0x438b8:$x2: IClientNetworkHost
- 0x4dc50:$x2: IClientNetworkHost
- 0x58c23:$x2: IClientNetworkHost
- 0x649d9:$x2: IClientNetworkHost
- 0x70753:$x2: IClientNetworkHost
|
4.2.ALP.exe.24ac674.23.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x4b96:$a: NanoCore
- 0x4bbb:$a: NanoCore
- 0x4c14:$a: NanoCore
- 0x14dc7:$a: NanoCore
- 0x14ded:$a: NanoCore
- 0x14e49:$a: NanoCore
- 0x21caf:$a: NanoCore
- 0x21d08:$a: NanoCore
- 0x21d3b:$a: NanoCore
- 0x21f67:$a: NanoCore
- 0x21fe3:$a: NanoCore
- 0x225fc:$a: NanoCore
- 0x22745:$a: NanoCore
- 0x22c19:$a: NanoCore
- 0x22f00:$a: NanoCore
- 0x22f17:$a: NanoCore
- 0x2bdc7:$a: NanoCore
- 0x2be43:$a: NanoCore
- 0x2e726:$a: NanoCore
- 0x33cfd:$a: NanoCore
- 0x33d77:$a: NanoCore
|
4.2.ALP.exe.820000.8.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x5b0b:$x1: NanoCore.ClientPluginHost
- 0x5b44:$x2: IClientNetworkHost
|
4.2.ALP.exe.820000.8.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x5b0b:$x2: NanoCore.ClientPluginHost
- 0x5c0f:$s4: PipeCreated
- 0x5b25:$s5: IClientLoggingHost
|
4.2.ALP.exe.8c0000.13.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x5b99:$x1: NanoCore.ClientPluginHost
- 0x5bb3:$x2: IClientNetworkHost
|
4.2.ALP.exe.8c0000.13.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x5b99:$x2: NanoCore.ClientPluginHost
- 0x6bce:$s4: PipeCreated
- 0x5b86:$s5: IClientLoggingHost
|
4.2.ALP.exe.24b88bc.22.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x8ba5:$x1: NanoCore.ClientPluginHost
- 0x15d1f:$x1: NanoCore.ClientPluginHost
- 0x1fb7f:$x1: NanoCore.ClientPluginHost
- 0x27ab5:$x1: NanoCore.ClientPluginHost
- 0x2da98:$x1: NanoCore.ClientPluginHost
- 0x37513:$x1: NanoCore.ClientPluginHost
- 0x419cf:$x1: NanoCore.ClientPluginHost
- 0x4c9c1:$x1: NanoCore.ClientPluginHost
- 0x58777:$x1: NanoCore.ClientPluginHost
- 0x644ce:$x1: NanoCore.ClientPluginHost
- 0x8bd2:$x2: IClientNetworkHost
- 0x15d58:$x2: IClientNetworkHost
- 0x1fbb8:$x2: IClientNetworkHost
- 0x27aee:$x2: IClientNetworkHost
- 0x37670:$x2: IClientNetworkHost
- 0x41a08:$x2: IClientNetworkHost
- 0x4c9db:$x2: IClientNetworkHost
- 0x58791:$x2: IClientNetworkHost
- 0x6450b:$x2: IClientNetworkHost
|
4.2.ALP.exe.24b88bc.22.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x8ba5:$x2: NanoCore.ClientPluginHost
- 0x15d1f:$x2: NanoCore.ClientPluginHost
- 0x1fb7f:$x2: NanoCore.ClientPluginHost
- 0x27ab5:$x2: NanoCore.ClientPluginHost
- 0x2da98:$x2: NanoCore.ClientPluginHost
- 0x37513:$x2: NanoCore.ClientPluginHost
- 0x419cf:$x2: NanoCore.ClientPluginHost
- 0x4c9c1:$x2: NanoCore.ClientPluginHost
- 0x58777:$x2: NanoCore.ClientPluginHost
- 0x644ce:$x2: NanoCore.ClientPluginHost
- 0x9b74:$s2: FileCommand
- 0x38469:$s3: PipeExists
- 0xe576:$s4: PipeCreated
- 0x15e3c:$s4: PipeCreated
- 0x1fc83:$s4: PipeCreated
- 0x27bd0:$s4: PipeCreated
- 0x2db76:$s4: PipeCreated
- 0x37709:$s4: PipeCreated
- 0x41b1a:$s4: PipeCreated
- 0x4d9f6:$s4: PipeCreated
- 0x5a522:$s4: PipeCreated
|
4.2.ALP.exe.24b88bc.22.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x8b7f:$a: NanoCore
- 0x8ba5:$a: NanoCore
- 0x8c01:$a: NanoCore
- 0x15a67:$a: NanoCore
- 0x15ac0:$a: NanoCore
- 0x15af3:$a: NanoCore
- 0x15d1f:$a: NanoCore
- 0x15d9b:$a: NanoCore
- 0x163b4:$a: NanoCore
- 0x164fd:$a: NanoCore
- 0x169d1:$a: NanoCore
- 0x16cb8:$a: NanoCore
- 0x16ccf:$a: NanoCore
- 0x1fb7f:$a: NanoCore
- 0x1fbfb:$a: NanoCore
- 0x224de:$a: NanoCore
- 0x27ab5:$a: NanoCore
- 0x27b2f:$a: NanoCore
- 0x2da98:$a: NanoCore
- 0x2dae2:$a: NanoCore
- 0x2e73c:$a: NanoCore
|
4.2.ALP.exe.3606787.27.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1a53c:$x1: NanoCore.ClientPluginHost
- 0x1a556:$x2: IClientNetworkHost
|
4.2.ALP.exe.3606787.27.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1a53c:$x2: NanoCore.ClientPluginHost
- 0x1d879:$s4: PipeCreated
- 0x1a529:$s5: IClientLoggingHost
|
17.2.smtpsvc.exe.3280184.5.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xf7ad:$x1: NanoCore.ClientPluginHost
- 0x28789:$x1: NanoCore.ClientPluginHost
- 0xf7da:$x2: IClientNetworkHost
- 0x287b6:$x2: IClientNetworkHost
|
17.2.smtpsvc.exe.3280184.5.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xf7ad:$x2: NanoCore.ClientPluginHost
- 0x28789:$x2: NanoCore.ClientPluginHost
- 0x10888:$s4: PipeCreated
- 0x29864:$s4: PipeCreated
- 0xf7c7:$s5: IClientLoggingHost
- 0x287a3:$s5: IClientLoggingHost
|
17.2.smtpsvc.exe.3280184.5.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.ALP.exe.6c0000.3.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xd9ad:$x1: NanoCore.ClientPluginHost
- 0xd9da:$x2: IClientNetworkHost
|
4.2.ALP.exe.6c0000.3.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xd9ad:$x2: NanoCore.ClientPluginHost
- 0xea88:$s4: PipeCreated
- 0xd9c7:$s5: IClientLoggingHost
|
4.2.ALP.exe.6c0000.3.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.ALP.exe.780000.5.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x4bbb:$x1: NanoCore.ClientPluginHost
- 0x4be5:$x2: IClientNetworkHost
|
4.2.ALP.exe.780000.5.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x4bbb:$x2: NanoCore.ClientPluginHost
- 0x6a6b:$s4: PipeCreated
|
4.2.ALP.exe.21b0000.15.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x170b:$x1: NanoCore.ClientPluginHost
- 0x1725:$x2: IClientNetworkHost
|
4.2.ALP.exe.21b0000.15.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x170b:$x2: NanoCore.ClientPluginHost
- 0x34b6:$s4: PipeCreated
- 0x16f8:$s5: IClientLoggingHost
|
11.2.smtpsvc.exe.3338cc8.5.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x42bad:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x42bea:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0x4671d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
11.2.smtpsvc.exe.3338cc8.5.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
11.2.smtpsvc.exe.3338cc8.5.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0x42915:$a: NanoCore
- 0x42925:$a: NanoCore
- 0x42b59:$a: NanoCore
- 0x42b6d:$a: NanoCore
- 0x42bad:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x42974:$b: ClientPlugin
- 0x42b76:$b: ClientPlugin
- 0x42bb6:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x42a9b:$c: ProjectData
- 0x16372b:$c: ProjectData
- 0x1cc54b:$c: ProjectData
- 0x10a82:$d: DESCrypto
|
14.2.ALP.exe.3320184.4.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xf7ad:$x1: NanoCore.ClientPluginHost
- 0x28789:$x1: NanoCore.ClientPluginHost
- 0xf7da:$x2: IClientNetworkHost
- 0x287b6:$x2: IClientNetworkHost
|
14.2.ALP.exe.3320184.4.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xf7ad:$x2: NanoCore.ClientPluginHost
- 0x28789:$x2: NanoCore.ClientPluginHost
- 0x10888:$s4: PipeCreated
- 0x29864:$s4: PipeCreated
- 0xf7c7:$s5: IClientLoggingHost
- 0x287a3:$s5: IClientLoggingHost
|
14.2.ALP.exe.3320184.4.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.ALP.exe.2300000.19.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1d3db:$x1: NanoCore.ClientPluginHost
- 0x1d3f5:$x2: IClientNetworkHost
|
4.2.ALP.exe.2300000.19.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1d3db:$x2: NanoCore.ClientPluginHost
- 0x20718:$s4: PipeCreated
- 0x1d3c8:$s5: IClientLoggingHost
|
4.2.ALP.exe.8c0000.13.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x3d99:$x1: NanoCore.ClientPluginHost
- 0x3db3:$x2: IClientNetworkHost
|
4.2.ALP.exe.8c0000.13.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x3d99:$x2: NanoCore.ClientPluginHost
- 0x4dce:$s4: PipeCreated
- 0x3d86:$s5: IClientLoggingHost
|
16.2.smtpsvc.exe.400000.0.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
16.2.smtpsvc.exe.400000.0.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
16.2.smtpsvc.exe.400000.0.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
16.2.smtpsvc.exe.400000.0.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
4.2.ALP.exe.790000.6.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x8ba5:$x1: NanoCore.ClientPluginHost
- 0x8bd2:$x2: IClientNetworkHost
|
4.2.ALP.exe.790000.6.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x8ba5:$x2: NanoCore.ClientPluginHost
- 0x9b74:$s2: FileCommand
- 0xe576:$s4: PipeCreated
- 0x8bbf:$s5: IClientLoggingHost
|
4.2.ALP.exe.8a0000.11.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x59eb:$x1: NanoCore.ClientPluginHost
- 0x5b48:$x2: IClientNetworkHost
|
4.2.ALP.exe.8a0000.11.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x59eb:$x2: NanoCore.ClientPluginHost
- 0x6941:$s3: PipeExists
- 0x5be1:$s4: PipeCreated
- 0x5a05:$s5: IClientLoggingHost
|
16.2.smtpsvc.exe.3590184.3.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xf7ad:$x1: NanoCore.ClientPluginHost
- 0x28789:$x1: NanoCore.ClientPluginHost
- 0xf7da:$x2: IClientNetworkHost
- 0x287b6:$x2: IClientNetworkHost
|
16.2.smtpsvc.exe.3590184.3.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xf7ad:$x2: NanoCore.ClientPluginHost
- 0x28789:$x2: NanoCore.ClientPluginHost
- 0x10888:$s4: PipeCreated
- 0x29864:$s4: PipeCreated
- 0xf7c7:$s5: IClientLoggingHost
- 0x287a3:$s5: IClientLoggingHost
|
16.2.smtpsvc.exe.3590184.3.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.ALP.exe.3480184.24.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xd9ad:$x1: NanoCore.ClientPluginHost
- 0xd9da:$x2: IClientNetworkHost
|
4.2.ALP.exe.3480184.24.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xd9ad:$x2: NanoCore.ClientPluginHost
- 0xea88:$s4: PipeCreated
- 0xd9c7:$s5: IClientLoggingHost
|
4.2.ALP.exe.3480184.24.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.ALP.exe.780000.5.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x2dbb:$x1: NanoCore.ClientPluginHost
- 0x2de5:$x2: IClientNetworkHost
|
4.2.ALP.exe.780000.5.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2dbb:$x2: NanoCore.ClientPluginHost
- 0x4c6b:$s4: PipeCreated
|
14.2.ALP.exe.22f4d80.2.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
|
14.2.ALP.exe.22f4d80.2.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
|
14.2.ALP.exe.400000.0.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
14.2.ALP.exe.400000.0.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
14.2.ALP.exe.400000.0.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
14.2.ALP.exe.400000.0.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
16.2.smtpsvc.exe.35947ad.5.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xb184:$x1: NanoCore.ClientPluginHost
- 0x24160:$x1: NanoCore.ClientPluginHost
- 0xb1b1:$x2: IClientNetworkHost
- 0x2418d:$x2: IClientNetworkHost
|
16.2.smtpsvc.exe.35947ad.5.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xb184:$x2: NanoCore.ClientPluginHost
- 0x24160:$x2: NanoCore.ClientPluginHost
- 0xc25f:$s4: PipeCreated
- 0x2523b:$s4: PipeCreated
- 0xb19e:$s5: IClientLoggingHost
- 0x2417a:$s5: IClientLoggingHost
|
16.2.smtpsvc.exe.35947ad.5.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.ALP.exe.361038c.29.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x10937:$x1: NanoCore.ClientPluginHost
- 0x10951:$x2: IClientNetworkHost
|
4.2.ALP.exe.361038c.29.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x10937:$x2: NanoCore.ClientPluginHost
- 0x13c74:$s4: PipeCreated
- 0x10924:$s5: IClientLoggingHost
|
17.2.smtpsvc.exe.32847ad.3.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xb184:$x1: NanoCore.ClientPluginHost
- 0x24160:$x1: NanoCore.ClientPluginHost
- 0xb1b1:$x2: IClientNetworkHost
- 0x2418d:$x2: IClientNetworkHost
|
17.2.smtpsvc.exe.32847ad.3.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xb184:$x2: NanoCore.ClientPluginHost
- 0x24160:$x2: NanoCore.ClientPluginHost
- 0xc25f:$s4: PipeCreated
- 0x2523b:$s4: PipeCreated
- 0xb19e:$s5: IClientLoggingHost
- 0x2417a:$s5: IClientLoggingHost
|
17.2.smtpsvc.exe.32847ad.3.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
17.2.smtpsvc.exe.2254e04.2.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
|
17.2.smtpsvc.exe.2254e04.2.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
|
4.2.ALP.exe.21b0000.15.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x350b:$x1: NanoCore.ClientPluginHost
- 0x3525:$x2: IClientNetworkHost
|
4.2.ALP.exe.21b0000.15.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x350b:$x2: NanoCore.ClientPluginHost
- 0x52b6:$s4: PipeCreated
- 0x34f8:$s5: IClientLoggingHost
|
4.2.ALP.exe.8b0000.12.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x39eb:$x1: NanoCore.ClientPluginHost
- 0x3a24:$x2: IClientNetworkHost
|
4.2.ALP.exe.8b0000.12.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x39eb:$x2: NanoCore.ClientPluginHost
- 0x3b36:$s4: PipeCreated
- 0x3a05:$s5: IClientLoggingHost
|
4.2.ALP.exe.34847ad.25.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xb184:$x1: NanoCore.ClientPluginHost
- 0x24160:$x1: NanoCore.ClientPluginHost
- 0xb1b1:$x2: IClientNetworkHost
- 0x2418d:$x2: IClientNetworkHost
|
4.2.ALP.exe.34847ad.25.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xb184:$x2: NanoCore.ClientPluginHost
- 0x24160:$x2: NanoCore.ClientPluginHost
- 0xc25f:$s4: PipeCreated
- 0x2523b:$s4: PipeCreated
- 0xb19e:$s5: IClientLoggingHost
- 0x2417a:$s5: IClientLoggingHost
|
4.2.ALP.exe.34847ad.25.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.ALP.exe.375cb0e.30.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x5b99:$x1: NanoCore.ClientPluginHost
- 0x1193b:$x1: NanoCore.ClientPluginHost
- 0x3683f:$x1: NanoCore.ClientPluginHost
- 0x45c7f:$x1: NanoCore.ClientPluginHost
- 0x5bb3:$x2: IClientNetworkHost
- 0x11955:$x2: IClientNetworkHost
- 0x36859:$x2: IClientNetworkHost
- 0x45cbc:$x2: IClientNetworkHost
|
4.2.ALP.exe.375cb0e.30.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x5b99:$x2: NanoCore.ClientPluginHost
- 0x1193b:$x2: NanoCore.ClientPluginHost
- 0x3683f:$x2: NanoCore.ClientPluginHost
- 0x45c7f:$x2: NanoCore.ClientPluginHost
- 0x6bce:$s4: PipeCreated
- 0x136e6:$s4: PipeCreated
- 0x39b7c:$s4: PipeCreated
- 0x490d2:$s4: PipeCreated
- 0x5b86:$s5: IClientLoggingHost
- 0x11928:$s5: IClientLoggingHost
- 0x3682c:$s5: IClientLoggingHost
- 0x45ca9:$s5: IClientLoggingHost
|
4.2.ALP.exe.24ac674.23.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x2dbb:$x1: NanoCore.ClientPluginHost
- 0x2de5:$x2: IClientNetworkHost
|
4.2.ALP.exe.24ac674.23.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2dbb:$x2: NanoCore.ClientPluginHost
- 0x4c6b:$s4: PipeCreated
|
4.2.ALP.exe.375cb0e.30.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x3d99:$x1: NanoCore.ClientPluginHost
- 0xcd3b:$x1: NanoCore.ClientPluginHost
- 0x3db3:$x2: IClientNetworkHost
- 0xcd55:$x2: IClientNetworkHost
|
4.2.ALP.exe.375cb0e.30.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x3d99:$x2: NanoCore.ClientPluginHost
- 0xcd3b:$x2: NanoCore.ClientPluginHost
- 0x4dce:$s4: PipeCreated
- 0x3d86:$s5: IClientLoggingHost
- 0xcd28:$s5: IClientLoggingHost
|
4.2.ALP.exe.21d0000.16.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x41ee:$x1: NanoCore.ClientPluginHost
- 0x422b:$x2: IClientNetworkHost
|
4.2.ALP.exe.21d0000.16.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x41ee:$x2: NanoCore.ClientPluginHost
- 0x7641:$s4: PipeCreated
- 0x4218:$s5: IClientLoggingHost
|
4.2.ALP.exe.24ccef8.21.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x16e3:$x1: NanoCore.ClientPluginHost
- 0xb543:$x1: NanoCore.ClientPluginHost
- 0x13479:$x1: NanoCore.ClientPluginHost
- 0x1945c:$x1: NanoCore.ClientPluginHost
- 0x22ed7:$x1: NanoCore.ClientPluginHost
- 0x2d393:$x1: NanoCore.ClientPluginHost
- 0x38385:$x1: NanoCore.ClientPluginHost
- 0x4413b:$x1: NanoCore.ClientPluginHost
- 0x4fe92:$x1: NanoCore.ClientPluginHost
- 0x171c:$x2: IClientNetworkHost
- 0xb57c:$x2: IClientNetworkHost
- 0x134b2:$x2: IClientNetworkHost
- 0x23034:$x2: IClientNetworkHost
- 0x2d3cc:$x2: IClientNetworkHost
- 0x3839f:$x2: IClientNetworkHost
- 0x44155:$x2: IClientNetworkHost
- 0x4fecf:$x2: IClientNetworkHost
|
4.2.ALP.exe.24ccef8.21.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x16e3:$x2: NanoCore.ClientPluginHost
- 0xb543:$x2: NanoCore.ClientPluginHost
- 0x13479:$x2: NanoCore.ClientPluginHost
- 0x1945c:$x2: NanoCore.ClientPluginHost
- 0x22ed7:$x2: NanoCore.ClientPluginHost
- 0x2d393:$x2: NanoCore.ClientPluginHost
- 0x38385:$x2: NanoCore.ClientPluginHost
- 0x4413b:$x2: NanoCore.ClientPluginHost
- 0x4fe92:$x2: NanoCore.ClientPluginHost
- 0x23e2d:$s3: PipeExists
- 0x1800:$s4: PipeCreated
- 0xb647:$s4: PipeCreated
- 0x13594:$s4: PipeCreated
- 0x1953a:$s4: PipeCreated
- 0x230cd:$s4: PipeCreated
- 0x2d4de:$s4: PipeCreated
- 0x393ba:$s4: PipeCreated
- 0x45ee6:$s4: PipeCreated
- 0x532e5:$s4: PipeCreated
- 0x16fd:$s5: IClientLoggingHost
- 0xb55d:$s5: IClientLoggingHost
|
4.2.ALP.exe.24ccef8.21.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x142b:$a: NanoCore
- 0x1484:$a: NanoCore
- 0x14b7:$a: NanoCore
- 0x16e3:$a: NanoCore
- 0x175f:$a: NanoCore
- 0x1d78:$a: NanoCore
- 0x1ec1:$a: NanoCore
- 0x2395:$a: NanoCore
- 0x267c:$a: NanoCore
- 0x2693:$a: NanoCore
- 0xb543:$a: NanoCore
- 0xb5bf:$a: NanoCore
- 0xdea2:$a: NanoCore
- 0x13479:$a: NanoCore
- 0x134f3:$a: NanoCore
- 0x1945c:$a: NanoCore
- 0x194a6:$a: NanoCore
- 0x1a100:$a: NanoCore
- 0x22ed7:$a: NanoCore
- 0x22fc1:$a: NanoCore
- 0x23e38:$a: NanoCore
|
4.2.ALP.exe.6c0000.3.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xf7ad:$x1: NanoCore.ClientPluginHost
- 0xf7da:$x2: IClientNetworkHost
|
4.2.ALP.exe.6c0000.3.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xf7ad:$x2: NanoCore.ClientPluginHost
- 0x10888:$s4: PipeCreated
- 0xf7c7:$s5: IClientLoggingHost
|
4.2.ALP.exe.6c0000.3.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
17.2.smtpsvc.exe.3280184.5.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xd9ad:$x1: NanoCore.ClientPluginHost
- 0xd9da:$x2: IClientNetworkHost
|
17.2.smtpsvc.exe.3280184.5.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xd9ad:$x2: NanoCore.ClientPluginHost
- 0xea88:$s4: PipeCreated
- 0xd9c7:$s5: IClientLoggingHost
|
17.2.smtpsvc.exe.3280184.5.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
14.2.ALP.exe.331b34e.3.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0x145e3:$x1: NanoCore.ClientPluginHost
- 0x2d5bf:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
- 0x14610:$x2: IClientNetworkHost
- 0x2d5ec:$x2: IClientNetworkHost
|
14.2.ALP.exe.331b34e.3.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x145e3:$x2: NanoCore.ClientPluginHost
- 0x2d5bf:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0x156be:$s4: PipeCreated
- 0x2e69a:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
- 0x145fd:$s5: IClientLoggingHost
- 0x2d5d9:$s5: IClientLoggingHost
|
14.2.ALP.exe.331b34e.3.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
14.2.ALP.exe.331b34e.3.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xddf:$a: NanoCore
- 0xe38:$a: NanoCore
- 0xe75:$a: NanoCore
- 0xeee:$a: NanoCore
- 0x14599:$a: NanoCore
- 0x145ae:$a: NanoCore
- 0x145e3:$a: NanoCore
- 0x2d575:$a: NanoCore
- 0x2d58a:$a: NanoCore
- 0x2d5bf:$a: NanoCore
- 0xe41:$b: ClientPlugin
- 0xe7e:$b: ClientPlugin
- 0x177c:$b: ClientPlugin
- 0x1789:$b: ClientPlugin
- 0x14355:$b: ClientPlugin
- 0x14370:$b: ClientPlugin
- 0x143a0:$b: ClientPlugin
- 0x145b7:$b: ClientPlugin
- 0x145ec:$b: ClientPlugin
- 0x2d331:$b: ClientPlugin
- 0x2d34c:$b: ClientPlugin
|
4.2.ALP.exe.6c4629.4.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xb184:$x1: NanoCore.ClientPluginHost
- 0xb1b1:$x2: IClientNetworkHost
|
4.2.ALP.exe.6c4629.4.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xb184:$x2: NanoCore.ClientPluginHost
- 0xc25f:$s4: PipeCreated
- 0xb19e:$s5: IClientLoggingHost
|
4.2.ALP.exe.6c4629.4.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.ALP.exe.850000.10.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x13a8:$x1: NanoCore.ClientPluginHost
|
4.2.ALP.exe.850000.10.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x13a8:$x2: NanoCore.ClientPluginHost
- 0x1486:$s4: PipeCreated
- 0x13c2:$s5: IClientLoggingHost
|
4.2.ALP.exe.840000.9.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x2205:$x1: NanoCore.ClientPluginHost
- 0x223e:$x2: IClientNetworkHost
|
4.2.ALP.exe.840000.9.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2205:$x2: NanoCore.ClientPluginHost
- 0x2320:$s4: PipeCreated
- 0x221f:$s5: IClientLoggingHost
|
12.2.smtpsvc.exe.3298cc8.5.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x42bad:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x42bea:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0x4671d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
12.2.smtpsvc.exe.3298cc8.5.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
12.2.smtpsvc.exe.3298cc8.5.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0x42915:$a: NanoCore
- 0x42925:$a: NanoCore
- 0x42b59:$a: NanoCore
- 0x42b6d:$a: NanoCore
- 0x42bad:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x42974:$b: ClientPlugin
- 0x42b76:$b: ClientPlugin
- 0x42bb6:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x42a9b:$c: ProjectData
- 0x16372b:$c: ProjectData
- 0x1cc54b:$c: ProjectData
- 0x10a82:$d: DESCrypto
|
4.2.ALP.exe.840000.9.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x605:$x1: NanoCore.ClientPluginHost
- 0x63e:$x2: IClientNetworkHost
|
4.2.ALP.exe.840000.9.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x605:$x2: NanoCore.ClientPluginHost
- 0x720:$s4: PipeCreated
- 0x61f:$s5: IClientLoggingHost
|
4.2.ALP.exe.244df88.20.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
|
4.2.ALP.exe.244df88.20.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
|
11.2.smtpsvc.exe.3338cc8.5.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
11.2.smtpsvc.exe.3338cc8.5.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
11.2.smtpsvc.exe.3338cc8.5.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
11.2.smtpsvc.exe.3338cc8.5.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
4.2.ALP.exe.347b34e.26.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0x145e3:$x1: NanoCore.ClientPluginHost
- 0x2d5bf:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
- 0x14610:$x2: IClientNetworkHost
- 0x2d5ec:$x2: IClientNetworkHost
|
4.2.ALP.exe.347b34e.26.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x145e3:$x2: NanoCore.ClientPluginHost
- 0x2d5bf:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0x156be:$s4: PipeCreated
- 0x2e69a:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
- 0x145fd:$s5: IClientLoggingHost
- 0x2d5d9:$s5: IClientLoggingHost
|
4.2.ALP.exe.347b34e.26.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.ALP.exe.347b34e.26.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xddf:$a: NanoCore
- 0xe38:$a: NanoCore
- 0xe75:$a: NanoCore
- 0xeee:$a: NanoCore
- 0x14599:$a: NanoCore
- 0x145ae:$a: NanoCore
- 0x145e3:$a: NanoCore
- 0x2d575:$a: NanoCore
- 0x2d58a:$a: NanoCore
- 0x2d5bf:$a: NanoCore
- 0xe41:$b: ClientPlugin
- 0xe7e:$b: ClientPlugin
- 0x177c:$b: ClientPlugin
- 0x1789:$b: ClientPlugin
- 0x14355:$b: ClientPlugin
- 0x14370:$b: ClientPlugin
- 0x143a0:$b: ClientPlugin
- 0x145b7:$b: ClientPlugin
- 0x145ec:$b: ClientPlugin
- 0x2d331:$b: ClientPlugin
- 0x2d34c:$b: ClientPlugin
|
12.2.smtpsvc.exe.3298cc8.5.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
12.2.smtpsvc.exe.3298cc8.5.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
12.2.smtpsvc.exe.3298cc8.5.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
12.2.smtpsvc.exe.3298cc8.5.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
4.2.ALP.exe.2300000.19.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1f1db:$x1: NanoCore.ClientPluginHost
- 0x1f1f5:$x2: IClientNetworkHost
|
4.2.ALP.exe.2300000.19.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1f1db:$x2: NanoCore.ClientPluginHost
- 0x22518:$s4: PipeCreated
- 0x1f1c8:$s5: IClientLoggingHost
|
4.2.ALP.exe.3480184.24.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xf7ad:$x1: NanoCore.ClientPluginHost
- 0x28789:$x1: NanoCore.ClientPluginHost
- 0xf7da:$x2: IClientNetworkHost
- 0x287b6:$x2: IClientNetworkHost
|
4.2.ALP.exe.3480184.24.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xf7ad:$x2: NanoCore.ClientPluginHost
- 0x28789:$x2: NanoCore.ClientPluginHost
- 0x10888:$s4: PipeCreated
- 0x29864:$s4: PipeCreated
- 0xf7c7:$s5: IClientLoggingHost
- 0x287a3:$s5: IClientLoggingHost
|
4.2.ALP.exe.3480184.24.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
3.2.ALP.exe.34f8cc8.6.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x42bad:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x42bea:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0x4671d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
3.2.ALP.exe.34f8cc8.6.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
3.2.ALP.exe.34f8cc8.6.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0x42915:$a: NanoCore
- 0x42925:$a: NanoCore
- 0x42b59:$a: NanoCore
- 0x42b6d:$a: NanoCore
- 0x42bad:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x42974:$b: ClientPlugin
- 0x42b76:$b: ClientPlugin
- 0x42bb6:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x42a9b:$c: ProjectData
- 0x16372b:$c: ProjectData
- 0x1cc54b:$c: ProjectData
- 0x10a82:$d: DESCrypto
|
10.2.ALP.exe.3318cc8.6.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x42bad:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x42bea:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0x4671d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
10.2.ALP.exe.3318cc8.6.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
10.2.ALP.exe.3318cc8.6.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0x42915:$a: NanoCore
- 0x42925:$a: NanoCore
- 0x42b59:$a: NanoCore
- 0x42b6d:$a: NanoCore
- 0x42bad:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x42974:$b: ClientPlugin
- 0x42b76:$b: ClientPlugin
- 0x42bb6:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x42a9b:$c: ProjectData
- 0x16372b:$c: ProjectData
- 0x1cc54b:$c: ProjectData
- 0x10a82:$d: DESCrypto
|
Click to see the 191 entries |