Source: 7.2.1FB6ncJ5XP.exe.5640000.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 7.2.1FB6ncJ5XP.exe.3d6ff64.3.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 7.2.1FB6ncJ5XP.exe.5784629.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 7.2.1FB6ncJ5XP.exe.3d6ff64.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 7.2.1FB6ncJ5XP.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 7.2.1FB6ncJ5XP.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 7.2.1FB6ncJ5XP.exe.5780000.8.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 7.2.1FB6ncJ5XP.exe.3d7458d.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.1FB6ncJ5XP.exe.3dc6730.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.1FB6ncJ5XP.exe.3dc6730.1.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 7.2.1FB6ncJ5XP.exe.5780000.8.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.1FB6ncJ5XP.exe.3dc6730.1.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.1FB6ncJ5XP.exe.3dc6730.1.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 7.2.1FB6ncJ5XP.exe.3d6b12e.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 7.2.1FB6ncJ5XP.exe.3d6b12e.5.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000007.00000002.573289700.0000000005640000.00000004.00020000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000007.00000002.573397352.0000000005780000.00000004.00020000.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000000.00000002.340496644.0000000003EE2000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000000.00000002.340496644.0000000003EE2000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000007.00000002.566743292.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000007.00000002.566743292.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000007.00000002.572012572.0000000003D69000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000002.340027547.0000000003D59000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000000.00000002.340027547.0000000003D59000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: 1FB6ncJ5XP.exe PID: 6448, type: MEMORYSTR |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: Process Memory Space: 1FB6ncJ5XP.exe PID: 6448, type: MEMORYSTR |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: 1FB6ncJ5XP.exe PID: 2832, type: MEMORYSTR |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: Process Memory Space: 1FB6ncJ5XP.exe PID: 2832, type: MEMORYSTR |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 1FB6ncJ5XP.exe, MainUI.cs |
Long String: Length: 23851 |
Source: 1FB6ncJ5XP.exe, MainUI.cs |
Long String: Length: 23852 |
Source: QLpzxrlNoQJN.exe.0.dr, MainUI.cs |
Long String: Length: 23851 |
Source: QLpzxrlNoQJN.exe.0.dr, MainUI.cs |
Long String: Length: 23852 |
Source: 0.0.1FB6ncJ5XP.exe.9c0000.0.unpack, MainUI.cs |
Long String: Length: 23851 |
Source: 0.0.1FB6ncJ5XP.exe.9c0000.0.unpack, MainUI.cs |
Long String: Length: 23852 |
Source: 0.2.1FB6ncJ5XP.exe.9c0000.0.unpack, MainUI.cs |
Long String: Length: 23851 |
Source: 0.2.1FB6ncJ5XP.exe.9c0000.0.unpack, MainUI.cs |
Long String: Length: 23852 |
Source: 7.2.1FB6ncJ5XP.exe.a40000.1.unpack, MainUI.cs |
Long String: Length: 23851 |
Source: 7.2.1FB6ncJ5XP.exe.a40000.1.unpack, MainUI.cs |
Long String: Length: 23852 |
Source: 7.0.1FB6ncJ5XP.exe.a40000.0.unpack, MainUI.cs |
Long String: Length: 23851 |
Source: 7.0.1FB6ncJ5XP.exe.a40000.0.unpack, MainUI.cs |
Long String: Length: 23852 |
Source: 7.2.1FB6ncJ5XP.exe.5640000.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 7.2.1FB6ncJ5XP.exe.5640000.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.1FB6ncJ5XP.exe.3d6ff64.3.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 7.2.1FB6ncJ5XP.exe.3d6ff64.3.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.1FB6ncJ5XP.exe.5784629.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 7.2.1FB6ncJ5XP.exe.5784629.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.1FB6ncJ5XP.exe.3d6ff64.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 7.2.1FB6ncJ5XP.exe.3d6ff64.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.1FB6ncJ5XP.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 7.2.1FB6ncJ5XP.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.1FB6ncJ5XP.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 7.2.1FB6ncJ5XP.exe.5780000.8.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 7.2.1FB6ncJ5XP.exe.5780000.8.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.1FB6ncJ5XP.exe.3d7458d.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 7.2.1FB6ncJ5XP.exe.3d7458d.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.1FB6ncJ5XP.exe.3dc6730.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.1FB6ncJ5XP.exe.3dc6730.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.1FB6ncJ5XP.exe.3dc6730.1.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 7.2.1FB6ncJ5XP.exe.5780000.8.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 7.2.1FB6ncJ5XP.exe.5780000.8.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.1FB6ncJ5XP.exe.3dc6730.1.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.1FB6ncJ5XP.exe.3dc6730.1.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.1FB6ncJ5XP.exe.3dc6730.1.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 7.2.1FB6ncJ5XP.exe.3d6b12e.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 7.2.1FB6ncJ5XP.exe.3d6b12e.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 7.2.1FB6ncJ5XP.exe.3d6b12e.5.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000007.00000002.573289700.0000000005640000.00000004.00020000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000007.00000002.573289700.0000000005640000.00000004.00020000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000007.00000002.573397352.0000000005780000.00000004.00020000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000007.00000002.573397352.0000000005780000.00000004.00020000.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000000.00000002.340496644.0000000003EE2000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000000.00000002.340496644.0000000003EE2000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000007.00000002.566743292.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000007.00000002.566743292.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000007.00000002.572012572.0000000003D69000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000002.340027547.0000000003D59000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000000.00000002.340027547.0000000003D59000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: 1FB6ncJ5XP.exe PID: 6448, type: MEMORYSTR |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: Process Memory Space: 1FB6ncJ5XP.exe PID: 6448, type: MEMORYSTR |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: 1FB6ncJ5XP.exe PID: 2832, type: MEMORYSTR |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: Process Memory Space: 1FB6ncJ5XP.exe PID: 2832, type: MEMORYSTR |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |