14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.15a0000.10.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x5b99:$x1: NanoCore.ClientPluginHost
- 0x5bb3:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.15a0000.10.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x5b99:$x2: NanoCore.ClientPluginHost
- 0x6bce:$s4: PipeCreated
- 0x5b86:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.5ad0000.31.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.5ad0000.31.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.1570000.7.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x605:$x1: NanoCore.ClientPluginHost
- 0x63e:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.1570000.7.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x605:$x2: NanoCore.ClientPluginHost
- 0x720:$s4: PipeCreated
- 0x61f:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.438e747.25.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x170b:$x1: NanoCore.ClientPluginHost
- 0x1725:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.438e747.25.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x170b:$x2: NanoCore.ClientPluginHost
- 0x34b6:$s4: PipeCreated
- 0x16f8:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.1580000.8.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x3deb:$x1: NanoCore.ClientPluginHost
- 0xbfdb:$x1: NanoCore.ClientPluginHost
- 0x3f48:$x2: IClientNetworkHost
- 0xbfbb:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.1580000.8.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x3deb:$x2: NanoCore.ClientPluginHost
- 0xbfdb:$x2: NanoCore.ClientPluginHost
- 0x4d41:$s3: PipeExists
- 0x3fe1:$s4: PipeCreated
- 0xbab0:$s4: PipeCreated
- 0x3e05:$s5: IClientLoggingHost
- 0xbf7b:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.15e0000.12.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x5fee:$x1: NanoCore.ClientPluginHost
- 0x602b:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.15e0000.12.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x5fee:$x2: NanoCore.ClientPluginHost
- 0x9441:$s4: PipeCreated
- 0x6018:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.4255f98.23.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1d3db:$x1: NanoCore.ClientPluginHost
- 0x1d3f5:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.4255f98.23.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1d3db:$x2: NanoCore.ClientPluginHost
- 0x20718:$s4: PipeCreated
- 0x1d3c8:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.3224128.18.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x6da5:$x1: NanoCore.ClientPluginHost
- 0x6dd2:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.3224128.18.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x6da5:$x2: NanoCore.ClientPluginHost
- 0x7d74:$s2: FileCommand
- 0xc776:$s4: PipeCreated
- 0x6dbf:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.1580000.8.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x59eb:$x1: NanoCore.ClientPluginHost
- 0x5b48:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.1580000.8.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x59eb:$x2: NanoCore.ClientPluginHost
- 0x6941:$s3: PipeExists
- 0x5be1:$s4: PipeCreated
- 0x5a05:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.14f0000.2.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x4bbb:$x1: NanoCore.ClientPluginHost
- 0x4be5:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.14f0000.2.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x4bbb:$x2: NanoCore.ClientPluginHost
- 0x6a6b:$s4: PipeCreated
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.4502d4c.30.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x3deb:$x1: NanoCore.ClientPluginHost
- 0x3f48:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.4502d4c.30.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x3deb:$x2: NanoCore.ClientPluginHost
- 0x4d41:$s3: PipeExists
- 0x3fe1:$s4: PipeCreated
- 0x3e05:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.2ed0000.15.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1f1db:$x1: NanoCore.ClientPluginHost
- 0x1f1f5:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.2ed0000.15.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1f1db:$x2: NanoCore.ClientPluginHost
- 0x22518:$s4: PipeCreated
- 0x1f1c8:$s5: IClientLoggingHost
|
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.831ebd8.12.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.831ebd8.12.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.831ebd8.12.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.831ebd8.12.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.41c8a00.21.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xd9ad:$x1: NanoCore.ClientPluginHost
- 0xd9da:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.41c8a00.21.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xd9ad:$x2: NanoCore.ClientPluginHost
- 0xea88:$s4: PipeCreated
- 0xd9c7:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.41c8a00.21.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.3224128.18.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x8ba5:$x1: NanoCore.ClientPluginHost
- 0x15d1f:$x1: NanoCore.ClientPluginHost
- 0x1fb7f:$x1: NanoCore.ClientPluginHost
- 0x26c5c:$x1: NanoCore.ClientPluginHost
- 0x2cef5:$x1: NanoCore.ClientPluginHost
- 0x37513:$x1: NanoCore.ClientPluginHost
- 0x3ed4f:$x1: NanoCore.ClientPluginHost
- 0x45351:$x1: NanoCore.ClientPluginHost
- 0x51107:$x1: NanoCore.ClientPluginHost
- 0x5ce5e:$x1: NanoCore.ClientPluginHost
- 0x8bd2:$x2: IClientNetworkHost
- 0x15d58:$x2: IClientNetworkHost
- 0x1fbb8:$x2: IClientNetworkHost
- 0x2cf2e:$x2: IClientNetworkHost
- 0x37670:$x2: IClientNetworkHost
- 0x3ed2f:$x2: IClientNetworkHost
- 0x4536b:$x2: IClientNetworkHost
- 0x51121:$x2: IClientNetworkHost
- 0x5ce9b:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.3224128.18.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x8ba5:$x2: NanoCore.ClientPluginHost
- 0x15d1f:$x2: NanoCore.ClientPluginHost
- 0x1fb7f:$x2: NanoCore.ClientPluginHost
- 0x26c5c:$x2: NanoCore.ClientPluginHost
- 0x2cef5:$x2: NanoCore.ClientPluginHost
- 0x37513:$x2: NanoCore.ClientPluginHost
- 0x3ed4f:$x2: NanoCore.ClientPluginHost
- 0x45351:$x2: NanoCore.ClientPluginHost
- 0x51107:$x2: NanoCore.ClientPluginHost
- 0x5ce5e:$x2: NanoCore.ClientPluginHost
- 0x9b74:$s2: FileCommand
- 0x38469:$s3: PipeExists
- 0xe576:$s4: PipeCreated
- 0x15e3c:$s4: PipeCreated
- 0x1fc83:$s4: PipeCreated
- 0x26d3a:$s4: PipeCreated
- 0x2d010:$s4: PipeCreated
- 0x37709:$s4: PipeCreated
- 0x3e824:$s4: PipeCreated
- 0x46386:$s4: PipeCreated
- 0x52eb2:$s4: PipeCreated
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.426483c.22.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x10937:$x1: NanoCore.ClientPluginHost
- 0x10951:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.426483c.22.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x10937:$x2: NanoCore.ClientPluginHost
- 0x13c74:$s4: PipeCreated
- 0x10924:$s5: IClientLoggingHost
|
27.0.svchost.exe.4c60778.4.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
27.0.svchost.exe.4c60778.4.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
27.0.svchost.exe.4c60778.4.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
27.0.svchost.exe.4c60778.4.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.439797d.27.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1d3db:$x1: NanoCore.ClientPluginHost
- 0x1d3f5:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.439797d.27.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1d3db:$x2: NanoCore.ClientPluginHost
- 0x20718:$s4: PipeCreated
- 0x1d3c8:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.6200000.33.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xf7ad:$x1: NanoCore.ClientPluginHost
- 0xf7da:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.6200000.33.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xf7ad:$x2: NanoCore.ClientPluginHost
- 0x10888:$s4: PipeCreated
- 0xf7c7:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.6200000.33.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.14f0000.2.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x2dbb:$x1: NanoCore.ClientPluginHost
- 0x2de5:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.14f0000.2.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2dbb:$x2: NanoCore.ClientPluginHost
- 0x4c6b:$s4: PipeCreated
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.15e0000.12.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x41ee:$x1: NanoCore.ClientPluginHost
- 0x422b:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.15e0000.12.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x41ee:$x2: NanoCore.ClientPluginHost
- 0x7641:$s4: PipeCreated
- 0x4218:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.2ed0000.15.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1d3db:$x1: NanoCore.ClientPluginHost
- 0x1d3f5:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.2ed0000.15.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1d3db:$x2: NanoCore.ClientPluginHost
- 0x20718:$s4: PipeCreated
- 0x1d3c8:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.cf0000.1.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth | - 0x1a9706:$x1: https://cdn.discordapp.com/attachments/
- 0x1a97ba:$x1: https://cdn.discordapp.com/attachments/
|
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.4150338.4.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x6e5ed:$x1: NanoCore.ClientPluginHost
- 0x6e62a:$x2: IClientNetworkHost
- 0x7215d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.4150338.4.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x6e365:$x1: NanoCore Client.exe
- 0x6e5ed:$x2: NanoCore.ClientPluginHost
- 0x6fc26:$s1: PluginCommand
- 0x6fc1a:$s2: FileCommand
- 0x70acb:$s3: PipeExists
- 0x76882:$s4: PipeCreated
- 0x6e617:$s5: IClientLoggingHost
|
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.4150338.4.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.4150338.4.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x6e355:$a: NanoCore
- 0x6e365:$a: NanoCore
- 0x6e599:$a: NanoCore
- 0x6e5ad:$a: NanoCore
- 0x6e5ed:$a: NanoCore
- 0x6e3b4:$b: ClientPlugin
- 0x6e5b6:$b: ClientPlugin
- 0x6e5f6:$b: ClientPlugin
- 0x3c1e7:$c: ProjectData
- 0x6e4db:$c: ProjectData
- 0x6eee2:$d: DESCrypto
- 0x768ae:$e: KeepAlive
- 0x7489c:$g: LogClientMessage
- 0x70a97:$i: get_Connected
- 0x2095d:$j: #=q
- 0x6f218:$j: #=q
- 0x6f248:$j: #=q
- 0x6f264:$j: #=q
- 0x6f294:$j: #=q
- 0x6f2b0:$j: #=q
- 0x6f2cc:$j: #=q
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.3238764.17.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x16e3:$x1: NanoCore.ClientPluginHost
- 0xb543:$x1: NanoCore.ClientPluginHost
- 0x12620:$x1: NanoCore.ClientPluginHost
- 0x188b9:$x1: NanoCore.ClientPluginHost
- 0x22ed7:$x1: NanoCore.ClientPluginHost
- 0x2a713:$x1: NanoCore.ClientPluginHost
- 0x30d15:$x1: NanoCore.ClientPluginHost
- 0x3cacb:$x1: NanoCore.ClientPluginHost
- 0x48822:$x1: NanoCore.ClientPluginHost
- 0x171c:$x2: IClientNetworkHost
- 0xb57c:$x2: IClientNetworkHost
- 0x188f2:$x2: IClientNetworkHost
- 0x23034:$x2: IClientNetworkHost
- 0x2a6f3:$x2: IClientNetworkHost
- 0x30d2f:$x2: IClientNetworkHost
- 0x3cae5:$x2: IClientNetworkHost
- 0x4885f:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.3238764.17.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x16e3:$x2: NanoCore.ClientPluginHost
- 0xb543:$x2: NanoCore.ClientPluginHost
- 0x12620:$x2: NanoCore.ClientPluginHost
- 0x188b9:$x2: NanoCore.ClientPluginHost
- 0x22ed7:$x2: NanoCore.ClientPluginHost
- 0x2a713:$x2: NanoCore.ClientPluginHost
- 0x30d15:$x2: NanoCore.ClientPluginHost
- 0x3cacb:$x2: NanoCore.ClientPluginHost
- 0x48822:$x2: NanoCore.ClientPluginHost
- 0x23e2d:$s3: PipeExists
- 0x1800:$s4: PipeCreated
- 0xb647:$s4: PipeCreated
- 0x126fe:$s4: PipeCreated
- 0x189d4:$s4: PipeCreated
- 0x230cd:$s4: PipeCreated
- 0x2a1e8:$s4: PipeCreated
- 0x31d4a:$s4: PipeCreated
- 0x3e876:$s4: PipeCreated
- 0x4bc75:$s4: PipeCreated
- 0x16fd:$s5: IClientLoggingHost
- 0xb55d:$s5: IClientLoggingHost
|
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.4130318.5.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x8e385:$x1: NanoCore Client.exe
|
18.0.svchost.exe.f80000.12.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth | - 0x1a9706:$x1: https://cdn.discordapp.com/attachments/
- 0x1a97ba:$x1: https://cdn.discordapp.com/attachments/
|
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.48a5690.6.raw.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.48a5690.6.raw.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | |
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.15a0000.10.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x3d99:$x1: NanoCore.ClientPluginHost
- 0x3db3:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.15a0000.10.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x3d99:$x2: NanoCore.ClientPluginHost
- 0x4dce:$s4: PipeCreated
- 0x3d86:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.450f17b.29.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x3d99:$x1: NanoCore.ClientPluginHost
- 0xcd3b:$x1: NanoCore.ClientPluginHost
- 0x3db3:$x2: IClientNetworkHost
- 0xcd55:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.450f17b.29.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x3d99:$x2: NanoCore.ClientPluginHost
- 0xcd3b:$x2: NanoCore.ClientPluginHost
- 0x4dce:$s4: PipeCreated
- 0x3d86:$s5: IClientLoggingHost
- 0xcd28:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.451d5ab.28.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x170b:$x1: NanoCore.ClientPluginHost
- 0x1725:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.451d5ab.28.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x170b:$x2: NanoCore.ClientPluginHost
- 0x34b6:$s4: PipeCreated
- 0x16f8:$s5: IClientLoggingHost
|
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.831ebd8.12.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.831ebd8.12.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.831ebd8.12.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.831ebd8.12.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.1570000.7.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x2205:$x1: NanoCore.ClientPluginHost
- 0x223e:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.1570000.7.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2205:$x2: NanoCore.ClientPluginHost
- 0x2320:$s4: PipeCreated
- 0x221f:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.438e747.25.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x350b:$x1: NanoCore.ClientPluginHost
- 0x28411:$x1: NanoCore.ClientPluginHost
- 0x37853:$x1: NanoCore.ClientPluginHost
- 0x3525:$x2: IClientNetworkHost
- 0x2842b:$x2: IClientNetworkHost
- 0x37890:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.438e747.25.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x350b:$x2: NanoCore.ClientPluginHost
- 0x28411:$x2: NanoCore.ClientPluginHost
- 0x37853:$x2: NanoCore.ClientPluginHost
- 0x52b6:$s4: PipeCreated
- 0x2b74e:$s4: PipeCreated
- 0x3aca6:$s4: PipeCreated
- 0x34f8:$s5: IClientLoggingHost
- 0x283fe:$s5: IClientLoggingHost
- 0x3787d:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.41c8a00.21.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xf7ad:$x1: NanoCore.ClientPluginHost
- 0xf7da:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.41c8a00.21.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xf7ad:$x2: NanoCore.ClientPluginHost
- 0x10888:$s4: PipeCreated
- 0xf7c7:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.41c8a00.21.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.48a5690.6.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.48a5690.6.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | |
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.450f17b.29.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x5b99:$x1: NanoCore.ClientPluginHost
- 0x1193b:$x1: NanoCore.ClientPluginHost
- 0x3683f:$x1: NanoCore.ClientPluginHost
- 0x45c7f:$x1: NanoCore.ClientPluginHost
- 0x5bb3:$x2: IClientNetworkHost
- 0x11955:$x2: IClientNetworkHost
- 0x36859:$x2: IClientNetworkHost
- 0x45cbc:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.450f17b.29.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x5b99:$x2: NanoCore.ClientPluginHost
- 0x1193b:$x2: NanoCore.ClientPluginHost
- 0x3683f:$x2: NanoCore.ClientPluginHost
- 0x45c7f:$x2: NanoCore.ClientPluginHost
- 0x6bce:$s4: PipeCreated
- 0x136e6:$s4: PipeCreated
- 0x39b7c:$s4: PipeCreated
- 0x490d2:$s4: PipeCreated
- 0x5b86:$s5: IClientLoggingHost
- 0x11928:$s5: IClientLoggingHost
- 0x3682c:$s5: IClientLoggingHost
- 0x45ca9:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.1560000.6.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x13a8:$x1: NanoCore.ClientPluginHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.1560000.6.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x13a8:$x2: NanoCore.ClientPluginHost
- 0x1486:$s4: PipeCreated
- 0x13c2:$s5: IClientLoggingHost
|
27.0.svchost.exe.b10000.12.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth | - 0x1a9706:$x1: https://cdn.discordapp.com/attachments/
- 0x1a97ba:$x1: https://cdn.discordapp.com/attachments/
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.4380315.26.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x5b99:$x1: NanoCore.ClientPluginHost
- 0x1193d:$x1: NanoCore.ClientPluginHost
- 0x36843:$x1: NanoCore.ClientPluginHost
- 0x45c85:$x1: NanoCore.ClientPluginHost
- 0x5bb3:$x2: IClientNetworkHost
- 0x11957:$x2: IClientNetworkHost
- 0x3685d:$x2: IClientNetworkHost
- 0x45cc2:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.4380315.26.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x5b99:$x2: NanoCore.ClientPluginHost
- 0x1193d:$x2: NanoCore.ClientPluginHost
- 0x36843:$x2: NanoCore.ClientPluginHost
- 0x45c85:$x2: NanoCore.ClientPluginHost
- 0x6bce:$s4: PipeCreated
- 0x136e8:$s4: PipeCreated
- 0x39b80:$s4: PipeCreated
- 0x490d8:$s4: PipeCreated
- 0x5b86:$s5: IClientLoggingHost
- 0x1192a:$s5: IClientLoggingHost
- 0x36830:$s5: IClientLoggingHost
- 0x45caf:$s5: IClientLoggingHost
|
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.49a56b0.8.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.49a56b0.8.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | |
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.4255f98.23.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1f1db:$x1: NanoCore.ClientPluginHost
- 0x1f1f5:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.4255f98.23.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1f1db:$x2: NanoCore.ClientPluginHost
- 0x22518:$s4: PipeCreated
- 0x1f1c8:$s5: IClientLoggingHost
|
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.4a60000.9.raw.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.4a60000.9.raw.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | |
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.439797d.27.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1f1db:$x1: NanoCore.ClientPluginHost
- 0x2e61d:$x1: NanoCore.ClientPluginHost
- 0x1f1f5:$x2: IClientNetworkHost
- 0x2e65a:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.439797d.27.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1f1db:$x2: NanoCore.ClientPluginHost
- 0x2e61d:$x2: NanoCore.ClientPluginHost
- 0x22518:$s4: PipeCreated
- 0x31a70:$s4: PipeCreated
- 0x1f1c8:$s5: IClientLoggingHost
- 0x2e647:$s5: IClientLoggingHost
|
18.0.svchost.exe.58b0000.7.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
18.0.svchost.exe.58b0000.7.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | |
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.1500000.3.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x8ba5:$x1: NanoCore.ClientPluginHost
- 0x8bd2:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.1500000.3.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x8ba5:$x2: NanoCore.ClientPluginHost
- 0x9b74:$s2: FileCommand
- 0xe576:$s4: PipeCreated
- 0x8bbf:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.1500000.3.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x6da5:$x1: NanoCore.ClientPluginHost
- 0x6dd2:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.1500000.3.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x6da5:$x2: NanoCore.ClientPluginHost
- 0x7d74:$s2: FileCommand
- 0xc776:$s4: PipeCreated
- 0x6dbf:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.400000.0.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.400000.0.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.400000.0.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.400000.0.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.6200000.33.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xd9ad:$x1: NanoCore.ClientPluginHost
- 0xd9da:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.6200000.33.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xd9ad:$x2: NanoCore.ClientPluginHost
- 0xea88:$s4: PipeCreated
- 0xd9c7:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.6200000.33.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
18.0.svchost.exe.56e5690.3.raw.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
18.0.svchost.exe.56e5690.3.raw.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | |
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.31f76dc.19.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x2dbb:$x1: NanoCore.ClientPluginHost
- 0x2de5:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.31f76dc.19.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2dbb:$x2: NanoCore.ClientPluginHost
- 0x4c6b:$s4: PipeCreated
|
18.0.svchost.exe.56e5690.3.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
18.0.svchost.exe.56e5690.3.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | |
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.41cd029.20.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xb184:$x1: NanoCore.ClientPluginHost
- 0xb1b1:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.41cd029.20.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xb184:$x2: NanoCore.ClientPluginHost
- 0xc25f:$s4: PipeCreated
- 0xb19e:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.41cd029.20.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.4380315.26.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x3d99:$x1: NanoCore.ClientPluginHost
- 0xcd3d:$x1: NanoCore.ClientPluginHost
- 0x3db3:$x2: IClientNetworkHost
- 0xcd57:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.4380315.26.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x3d99:$x2: NanoCore.ClientPluginHost
- 0xcd3d:$x2: NanoCore.ClientPluginHost
- 0x4dce:$s4: PipeCreated
- 0x3d86:$s5: IClientLoggingHost
- 0xcd2a:$s5: IClientLoggingHost
|
27.0.svchost.exe.5530000.7.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
27.0.svchost.exe.5530000.7.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | |
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.1550000.5.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x3f0b:$x1: NanoCore.ClientPluginHost
- 0x3f44:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.1550000.5.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x3f0b:$x2: NanoCore.ClientPluginHost
- 0x400f:$s4: PipeCreated
- 0x3f25:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.1550000.5.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x5b0b:$x1: NanoCore.ClientPluginHost
- 0x5b44:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.1550000.5.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x5b0b:$x2: NanoCore.ClientPluginHost
- 0x5c0f:$s4: PipeCreated
- 0x5b25:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.2ede8a4.13.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x10937:$x1: NanoCore.ClientPluginHost
- 0x10951:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.2ede8a4.13.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x10937:$x2: NanoCore.ClientPluginHost
- 0x13c74:$s4: PipeCreated
- 0x10924:$s5: IClientLoggingHost
|
18.0.svchost.exe.4fd0778.4.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
18.0.svchost.exe.4fd0778.4.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
18.0.svchost.exe.4fd0778.4.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
18.0.svchost.exe.4fd0778.4.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
18.0.svchost.exe.f80000.1.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth | - 0x1a9706:$x1: https://cdn.discordapp.com/attachments/
- 0x1a97ba:$x1: https://cdn.discordapp.com/attachments/
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.1540000.4.raw.unpack | Nanocore_RAT_Gen_2 | Detects the Nanocore RAT | Florian Roth | - 0x16e3:$x1: NanoCore.ClientPluginHost
- 0x171c:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.1540000.4.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x16e3:$x2: NanoCore.ClientPluginHost
- 0x1800:$s4: PipeCreated
- 0x16fd:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.4502d4c.30.raw.unpack | Nanocore_RAT_Gen_2 | Detects the Nanocore RAT | Florian Roth | - 0x59eb:$x1: NanoCore.ClientPluginHost
- 0x11fc8:$x1: NanoCore.ClientPluginHost
- 0x1dd6a:$x1: NanoCore.ClientPluginHost
- 0x42c6e:$x1: NanoCore.ClientPluginHost
- 0x520ae:$x1: NanoCore.ClientPluginHost
- 0x5b48:$x2: IClientNetworkHost
- 0x11fe2:$x2: IClientNetworkHost
- 0x1dd84:$x2: IClientNetworkHost
- 0x42c88:$x2: IClientNetworkHost
- 0x520eb:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.4502d4c.30.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x59eb:$x2: NanoCore.ClientPluginHost
- 0x11fc8:$x2: NanoCore.ClientPluginHost
- 0x1dd6a:$x2: NanoCore.ClientPluginHost
- 0x42c6e:$x2: NanoCore.ClientPluginHost
- 0x520ae:$x2: NanoCore.ClientPluginHost
- 0x6941:$s3: PipeExists
- 0x5be1:$s4: PipeCreated
- 0x12ffd:$s4: PipeCreated
- 0x1fb15:$s4: PipeCreated
- 0x45fab:$s4: PipeCreated
- 0x55501:$s4: PipeCreated
- 0x5a05:$s5: IClientLoggingHost
- 0x11fb5:$s5: IClientLoggingHost
- 0x1dd57:$s5: IClientLoggingHost
- 0x42c5b:$s5: IClientLoggingHost
- 0x520d8:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.4502d4c.30.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x59eb:$a: NanoCore
- 0x5ad5:$a: NanoCore
- 0x694c:$a: NanoCore
- 0x11f9f:$a: NanoCore
- 0x11fc8:$a: NanoCore
- 0x1dd41:$a: NanoCore
- 0x1dd6a:$a: NanoCore
- 0x42c2d:$a: NanoCore
- 0x42c45:$a: NanoCore
- 0x42c6e:$a: NanoCore
- 0x52071:$a: NanoCore
- 0x52089:$a: NanoCore
- 0x520ae:$a: NanoCore
- 0x5461:$b: ClientPlugin
- 0x54ef:$b: ClientPlugin
- 0x54fc:$b: ClientPlugin
- 0x55ea:$b: ClientPlugin
- 0x59f4:$b: ClientPlugin
- 0x5ade:$b: ClientPlugin
- 0x740e:$b: ClientPlugin
- 0x7434:$b: ClientPlugin
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.1590000.9.raw.unpack | Nanocore_RAT_Gen_2 | Detects the Nanocore RAT | Florian Roth | - 0xddb:$x1: NanoCore.ClientPluginHost
- 0xdbb:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.1590000.9.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xddb:$x2: NanoCore.ClientPluginHost
- 0x8b0:$s4: PipeCreated
- 0xd7b:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.6204629.32.raw.unpack | Nanocore_RAT_Gen_2 | Detects the Nanocore RAT | Florian Roth | - 0xb184:$x1: NanoCore.ClientPluginHost
- 0xb1b1:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.6204629.32.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xb184:$x2: NanoCore.ClientPluginHost
- 0xc25f:$s4: PipeCreated
- 0xb19e:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.6204629.32.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.4a60000.9.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.4a60000.9.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | |
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.31f76dc.19.raw.unpack | Nanocore_RAT_Gen_2 | Detects the Nanocore RAT | Florian Roth | - 0x4bbb:$x1: NanoCore.ClientPluginHost
- 0x355f1:$x1: NanoCore.ClientPluginHost
- 0x4276b:$x1: NanoCore.ClientPluginHost
- 0x4c5cb:$x1: NanoCore.ClientPluginHost
- 0x536a8:$x1: NanoCore.ClientPluginHost
- 0x59941:$x1: NanoCore.ClientPluginHost
- 0x63f5f:$x1: NanoCore.ClientPluginHost
- 0x6b79b:$x1: NanoCore.ClientPluginHost
- 0x71d9d:$x1: NanoCore.ClientPluginHost
- 0x7db53:$x1: NanoCore.ClientPluginHost
- 0x898aa:$x1: NanoCore.ClientPluginHost
- 0x4be5:$x2: IClientNetworkHost
- 0x3561e:$x2: IClientNetworkHost
- 0x427a4:$x2: IClientNetworkHost
- 0x4c604:$x2: IClientNetworkHost
- 0x5997a:$x2: IClientNetworkHost
- 0x640bc:$x2: IClientNetworkHost
- 0x6b77b:$x2: IClientNetworkHost
- 0x71db7:$x2: IClientNetworkHost
- 0x7db6d:$x2: IClientNetworkHost
- 0x898e7:$x2: IClientNetworkHost
|
18.0.svchost.exe.58b0000.7.raw.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
18.0.svchost.exe.58b0000.7.raw.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | |
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.15c0000.11.unpack | Nanocore_RAT_Gen_2 | Detects the Nanocore RAT | Florian Roth | - 0x170b:$x1: NanoCore.ClientPluginHost
- 0x1725:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.15c0000.11.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x170b:$x2: NanoCore.ClientPluginHost
- 0x34b6:$s4: PipeCreated
- 0x16f8:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.3198cb0.16.raw.unpack | Nanocore_RAT_Gen_2 | Detects the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.3198cb0.16.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.15c0000.11.raw.unpack | Nanocore_RAT_Gen_2 | Detects the Nanocore RAT | Florian Roth | - 0x350b:$x1: NanoCore.ClientPluginHost
- 0x3525:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.15c0000.11.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x350b:$x2: NanoCore.ClientPluginHost
- 0x52b6:$s4: PipeCreated
- 0x34f8:$s5: IClientLoggingHost
|
18.0.svchost.exe.f80000.0.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth | - 0x1a9706:$x1: https://cdn.discordapp.com/attachments/
- 0x1a97ba:$x1: https://cdn.discordapp.com/attachments/
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.451d5ab.28.raw.unpack | Nanocore_RAT_Gen_2 | Detects the Nanocore RAT | Florian Roth | - 0x350b:$x1: NanoCore.ClientPluginHost
- 0x2840f:$x1: NanoCore.ClientPluginHost
- 0x3784f:$x1: NanoCore.ClientPluginHost
- 0x3525:$x2: IClientNetworkHost
- 0x28429:$x2: IClientNetworkHost
- 0x3788c:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.451d5ab.28.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x350b:$x2: NanoCore.ClientPluginHost
- 0x2840f:$x2: NanoCore.ClientPluginHost
- 0x3784f:$x2: NanoCore.ClientPluginHost
- 0x52b6:$s4: PipeCreated
- 0x2b74c:$s4: PipeCreated
- 0x3aca2:$s4: PipeCreated
- 0x34f8:$s5: IClientLoggingHost
- 0x283fc:$s5: IClientLoggingHost
- 0x37879:$s5: IClientLoggingHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.2ed4c9f.14.raw.unpack | Nanocore_RAT_Gen_2 | Detects the Nanocore RAT | Florian Roth | - 0x1a53c:$x1: NanoCore.ClientPluginHost
- 0x1a556:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.2ed4c9f.14.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1a53c:$x2: NanoCore.ClientPluginHost
- 0x1d879:$s4: PipeCreated
- 0x1a529:$s5: IClientLoggingHost
|
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.49a56b0.8.raw.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.49a56b0.8.raw.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | |
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.580000.1.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth | - 0x1a9706:$x1: https://cdn.discordapp.com/attachments/
- 0x1a97ba:$x1: https://cdn.discordapp.com/attachments/
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.425ac37.24.raw.unpack | Nanocore_RAT_Gen_2 | Detects the Nanocore RAT | Florian Roth | - 0x1a53c:$x1: NanoCore.ClientPluginHost
- 0x1a556:$x2: IClientNetworkHost
|
14.2.H1GC5Z4C39PAYMENTRECEIPT.exe.425ac37.24.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1a53c:$x2: NanoCore.ClientPluginHost
- 0x1d879:$s4: PipeCreated
- 0x1a529:$s5: IClientLoggingHost
|
14.0.H1GC5Z4C39PAYMENTRECEIPT.exe.cf0000.0.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth | - 0x1a9706:$x1: https://cdn.discordapp.com/attachments/
- 0x1a97ba:$x1: https://cdn.discordapp.com/attachments/
|
27.0.svchost.exe.b10000.0.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth | - 0x1a9706:$x1: https://cdn.discordapp.com/attachments/
- 0x1a97ba:$x1: https://cdn.discordapp.com/attachments/
|
27.0.svchost.exe.5375690.3.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
27.0.svchost.exe.5375690.3.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | |
27.0.svchost.exe.b10000.1.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth | - 0x1a9706:$x1: https://cdn.discordapp.com/attachments/
- 0x1a97ba:$x1: https://cdn.discordapp.com/attachments/
|
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.580000.0.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth | - 0x1a9706:$x1: https://cdn.discordapp.com/attachments/
- 0x1a97ba:$x1: https://cdn.discordapp.com/attachments/
|
27.0.svchost.exe.5375690.3.raw.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
27.0.svchost.exe.5375690.3.raw.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | |
27.0.svchost.exe.5530000.7.raw.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
27.0.svchost.exe.5530000.7.raw.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | |
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.4825670.7.raw.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
0.0.H1GC5Z4C39PAYMENTRECEIPT.exe.4825670.7.raw.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | |
27.0.svchost.exe.52f5670.5.raw.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
27.0.svchost.exe.52f5670.5.raw.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | |
18.0.svchost.exe.5665670.5.raw.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
18.0.svchost.exe.5665670.5.raw.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | |
27.0.svchost.exe.4c60778.4.raw.unpack | Nanocore_RAT_Gen_2 | Detects the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
27.0.svchost.exe.4c60778.4.raw.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
27.0.svchost.exe.4c60778.4.raw.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | |
27.0.svchost.exe.4c60778.4.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
27.0.svchost.exe.4c60778.4.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x6d2edf:$c: ProjectData
- 0x752eff:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x6d69ea:$e: KeepAlive
- 0x756a0a:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
|
18.0.svchost.exe.4fd0778.4.raw.unpack | Nanocore_RAT_Gen_2 | Detects the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
18.0.svchost.exe.4fd0778.4.raw.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
18.0.svchost.exe.4fd0778.4.raw.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | |
18.0.svchost.exe.4fd0778.4.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
18.0.svchost.exe.4fd0778.4.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x6d2edf:$c: ProjectData
- 0x752eff:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x6d69ea:$e: KeepAlive
- 0x756a0a:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
|
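The rows above are plain string hits: each `0xOFF:$id: value` entry is an offset inside an unpacked memory dump at which one literal from the rule's `strings:` section occurs. The same hits can be re-derived outside the sandbox, which is useful when triaging the svchost.exe dumps (PIDs 18 and 27), which carry the same NanoCore identifiers as the H1GC5Z4C39PAYMENTRECEIPT.exe dumps. The scanner below is an added example and is not Joe Sandbox, signature-base or Kevin Breen's code. The identifiers and literals are exactly the ones visible in the rows above (so `$f` and `$h` of the NanoCore rule, which never hit on this page, are omitted); the `condition:` clauses are assumptions, because the table shows only which strings matched, not how the rule combines them. The ASCII-plus-UTF-16LE search and the sample buffer are likewise constructed for the example. Note also that offsets differ between the `.unpack` and `.raw.unpack` views of one dump (compare `1550000.5.unpack` at 0x3f0b with `1550000.5.raw.unpack` at 0x5b0b), so offsets are only comparable within a single view.

```python
import re
from typing import Callable, Dict, List, Tuple

Hits = Dict[str, List[int]]

# String sets as seen in the hit rows on this page.  Conditions are ASSUMED:
# the sandbox table does not show the rules' condition clauses.
RULES: Dict[str, Tuple[Dict[str, str], Callable[[Hits], bool]]] = {
    "Nanocore_RAT_Gen_2": (
        {"$x1": "NanoCore.ClientPluginHost",
         "$x2": "IClientNetworkHost",
         "$x3": "#=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe"},
        lambda hits: any(k.startswith("$x") for k in hits),        # assumed: 1 of ($x*)
    ),
    "Nanocore_RAT_Feb18_1": (
        {"$x1": "NanoCore Client.exe",
         "$x2": "NanoCore.ClientPluginHost",
         "$s1": "PluginCommand", "$s2": "FileCommand", "$s3": "PipeExists",
         "$s4": "PipeCreated", "$s5": "IClientLoggingHost"},
        # assumed: 1 of ($x*) or 3 of ($s*)
        lambda hits: any(k.startswith("$x") for k in hits)
        or sum(k.startswith("$s") for k in hits) >= 3,
    ),
    "NanoCore": (   # Kevin Breen's rule; only the identifiers that hit on this page
        {"$a": "NanoCore", "$b": "ClientPlugin", "$c": "ProjectData",
         "$d": "DESCrypto", "$e": "KeepAlive", "$g": "LogClientMessage",
         "$i": "get_Connected", "$j": "#=q"},
        lambda hits: len(hits) >= 3,                                # assumed
    ),
}


def find_all(buf: bytes, needle: bytes) -> List[int]:
    """Every offset of needle in buf; overlapping occurrences are reported,
    which is how YARA reports repeated short literals such as '#=q'."""
    return [m.start() for m in re.finditer(b"(?=" + re.escape(needle) + b")", buf)]


def scan(buf: bytes, rule_name: str) -> Hits:
    """{identifier: [offsets]} for every rule string present in buf.
    Each literal is tried as ASCII and as UTF-16LE (YARA 'wide'): .NET keeps
    type/member names UTF-8 in the #Strings heap but user strings in UTF-16."""
    strings, _ = RULES[rule_name]
    hits: Hits = {}
    for sid, lit in strings.items():
        offs = sorted(set(find_all(buf, lit.encode("ascii"))
                          + find_all(buf, lit.encode("utf-16-le"))))
        if offs:
            hits[sid] = offs
    return hits


def matches(buf: bytes, rule_name: str) -> bool:
    """Apply the (assumed) condition to the string hits."""
    _, cond = RULES[rule_name]
    return cond(scan(buf, rule_name))


def report(buf: bytes, rule_name: str) -> List[str]:
    """Hit lines in the same '0xOFF:$id: value' shape the sandbox table uses,
    ordered by identifier and then ascending offset, as in the table."""
    strings, _ = RULES[rule_name]
    return [f"0x{off:x}:{sid}: {strings[sid]}"
            for sid, offs in scan(buf, rule_name).items() for off in offs]


# CONSTRUCTED sample: a slice shaped like a .NET #Strings heap (null-terminated
# UTF-8 identifiers back to back) behind 0x3d86 bytes of filler, so the first
# two hits land on the same offsets as the first row of the table (0x3d86 and
# 0x3d99 are exactly len("IClientLoggingHost") + 1 apart).
SAMPLE = (b"\x00" * 0x3d86
          + b"IClientLoggingHost\x00"          # 0x3d86
          + b"NanoCore.ClientPluginHost\x00"   # 0x3d99 (also 'NanoCore' / 'ClientPlugin')
          + b"IClientNetworkHost\x00"          # 0x3db3
          + b"PipeCreated\x00")                # 0x3dc6

if __name__ == "__main__":
    for name in RULES:
        print(name, "->", "MATCH" if matches(SAMPLE, name) else "no match")
        for line in report(SAMPLE, name):
            print("  -", line)
```

Running it against `SAMPLE` reproduces the Gen_2 and Feb18_1 rows (`$x1`/`$x2` and `$x2`/`$s4`/`$s5`) while the NanoCore rule sees only `$a` and `$b` and, under the assumed threshold, does not fire; that mirrors the page, where most dumps hit the two Roth rules but only the larger dumps also hit Breen's. To run the real rules, replace the `RULES` table with the actual `strings:` and `condition:` sections and point the scanner at the dumps the sandbox exported.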