Source: 19.0.2FXSF6MXcV.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 19.0.2FXSF6MXcV.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 19.2.2FXSF6MXcV.exe.65e4629.8.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 19.2.2FXSF6MXcV.exe.6530000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.2FXSF6MXcV.exe.3206ac4.2.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.2FXSF6MXcV.exe.3206ac4.2.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.2FXSF6MXcV.exe.3206ac4.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.2FXSF6MXcV.exe.3206ac4.2.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 19.0.2FXSF6MXcV.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 19.0.2FXSF6MXcV.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.2FXSF6MXcV.exe.4105530.4.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.2FXSF6MXcV.exe.4105530.4.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 19.2.2FXSF6MXcV.exe.65e0000.9.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 19.2.2FXSF6MXcV.exe.43bff4c.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.2FXSF6MXcV.exe.43a6a40.6.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.2FXSF6MXcV.exe.43a6a40.6.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 19.2.2FXSF6MXcV.exe.33c87e8.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 19.2.2FXSF6MXcV.exe.43bb116.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 19.2.2FXSF6MXcV.exe.43bb116.3.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.2FXSF6MXcV.exe.4105530.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.2FXSF6MXcV.exe.4105530.4.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 19.2.2FXSF6MXcV.exe.43bff4c.4.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 19.2.2FXSF6MXcV.exe.65e0000.9.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 19.0.2FXSF6MXcV.exe.400000.10.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 19.0.2FXSF6MXcV.exe.400000.10.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 19.0.2FXSF6MXcV.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 19.0.2FXSF6MXcV.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 19.0.2FXSF6MXcV.exe.400000.12.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 19.0.2FXSF6MXcV.exe.400000.12.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.3.2FXSF6MXcV.exe.43cea60.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.3.2FXSF6MXcV.exe.43cea60.0.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.2FXSF6MXcV.exe.43a6a40.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.2FXSF6MXcV.exe.43a6a40.6.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 19.2.2FXSF6MXcV.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 19.2.2FXSF6MXcV.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.3.2FXSF6MXcV.exe.43cea60.0.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.3.2FXSF6MXcV.exe.43cea60.0.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 19.2.2FXSF6MXcV.exe.43c4575.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000013.00000000.410602716.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000013.00000000.410602716.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000013.00000000.411789598.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000013.00000000.411789598.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000003.404881543.00000000043C7000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000000.00000003.404881543.00000000043C7000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000013.00000002.556312949.00000000065E0000.00000004.00020000.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000000.00000002.422619914.000000000437F000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000000.00000002.422619914.000000000437F000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000013.00000000.411248412.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000013.00000000.411248412.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000013.00000000.412380595.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000013.00000000.412380595.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000013.00000002.554569940.00000000043B9000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000013.00000002.549310054.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000013.00000002.549310054.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000002.416883288.00000000031A3000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000000.00000002.416883288.00000000031A3000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000013.00000002.556187820.0000000006530000.00000004.00020000.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000000.00000002.417608309.0000000004101000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000000.00000002.417608309.0000000004101000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: 2FXSF6MXcV.exe PID: 6132, type: MEMORYSTR | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: Process Memory Space: 2FXSF6MXcV.exe PID: 6132, type: MEMORYSTR | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: 2FXSF6MXcV.exe PID: 4936, type: MEMORYSTR | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: Process Memory Space: 2FXSF6MXcV.exe PID: 4936, type: MEMORYSTR | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 19.0.2FXSF6MXcV.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 19.0.2FXSF6MXcV.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 19.0.2FXSF6MXcV.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 19.2.2FXSF6MXcV.exe.65e4629.8.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 19.2.2FXSF6MXcV.exe.65e4629.8.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 19.2.2FXSF6MXcV.exe.6530000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 19.2.2FXSF6MXcV.exe.6530000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.2FXSF6MXcV.exe.3206ac4.2.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.2FXSF6MXcV.exe.3206ac4.2.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.2FXSF6MXcV.exe.3206ac4.2.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.2.2FXSF6MXcV.exe.3206ac4.2.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.2FXSF6MXcV.exe.3206ac4.2.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.2FXSF6MXcV.exe.3206ac4.2.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 19.0.2FXSF6MXcV.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 19.0.2FXSF6MXcV.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 19.0.2FXSF6MXcV.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.2.2FXSF6MXcV.exe.4105530.4.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.2FXSF6MXcV.exe.4105530.4.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.2FXSF6MXcV.exe.4105530.4.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 19.2.2FXSF6MXcV.exe.65e0000.9.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 19.2.2FXSF6MXcV.exe.65e0000.9.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 19.2.2FXSF6MXcV.exe.43bff4c.4.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 19.2.2FXSF6MXcV.exe.43bff4c.4.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.2FXSF6MXcV.exe.43a6a40.6.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.2FXSF6MXcV.exe.43a6a40.6.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.2FXSF6MXcV.exe.43a6a40.6.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 19.2.2FXSF6MXcV.exe.33c87e8.2.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 19.2.2FXSF6MXcV.exe.33c87e8.2.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 19.2.2FXSF6MXcV.exe.43bb116.3.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 19.2.2FXSF6MXcV.exe.43bb116.3.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 19.2.2FXSF6MXcV.exe.43bb116.3.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.2.2FXSF6MXcV.exe.4105530.4.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.2FXSF6MXcV.exe.4105530.4.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 19.2.2FXSF6MXcV.exe.43bff4c.4.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 19.2.2FXSF6MXcV.exe.43bff4c.4.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 19.2.2FXSF6MXcV.exe.65e0000.9.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 19.2.2FXSF6MXcV.exe.65e0000.9.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 19.0.2FXSF6MXcV.exe.400000.10.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 19.0.2FXSF6MXcV.exe.400000.10.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 19.0.2FXSF6MXcV.exe.400000.10.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 19.0.2FXSF6MXcV.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 19.0.2FXSF6MXcV.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 19.0.2FXSF6MXcV.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 19.0.2FXSF6MXcV.exe.400000.12.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 19.0.2FXSF6MXcV.exe.400000.12.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 19.0.2FXSF6MXcV.exe.400000.12.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.3.2FXSF6MXcV.exe.43cea60.0.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.3.2FXSF6MXcV.exe.43cea60.0.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.3.2FXSF6MXcV.exe.43cea60.0.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.2.2FXSF6MXcV.exe.43a6a40.6.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.2FXSF6MXcV.exe.43a6a40.6.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.2FXSF6MXcV.exe.43a6a40.6.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 19.2.2FXSF6MXcV.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 19.2.2FXSF6MXcV.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 19.2.2FXSF6MXcV.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.3.2FXSF6MXcV.exe.43cea60.0.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.3.2FXSF6MXcV.exe.43cea60.0.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.3.2FXSF6MXcV.exe.43cea60.0.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 19.2.2FXSF6MXcV.exe.43c4575.5.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 19.2.2FXSF6MXcV.exe.43c4575.5.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000013.00000000.410602716.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000013.00000000.410602716.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000013.00000000.411789598.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000013.00000000.411789598.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000003.404881543.00000000043C7000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000000.00000003.404881543.00000000043C7000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000013.00000002.556312949.00000000065E0000.00000004.00020000.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000013.00000002.556312949.00000000065E0000.00000004.00020000.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000000.00000002.422619914.000000000437F000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000000.00000002.422619914.000000000437F000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000013.00000000.411248412.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000013.00000000.411248412.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000013.00000000.412380595.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000013.00000000.412380595.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000013.00000002.554569940.00000000043B9000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000013.00000002.549310054.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000013.00000002.549310054.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000002.416883288.00000000031A3000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000000.00000002.416883288.00000000031A3000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000013.00000002.556187820.0000000006530000.00000004.00020000.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000013.00000002.556187820.0000000006530000.00000004.00020000.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000000.00000002.417608309.0000000004101000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000000.00000002.417608309.0000000004101000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: 2FXSF6MXcV.exe PID: 6132, type: MEMORYSTR | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: Process Memory Space: 2FXSF6MXcV.exe PID: 6132, type: MEMORYSTR | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: 2FXSF6MXcV.exe PID: 4936, type: MEMORYSTR | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: Process Memory Space: 2FXSF6MXcV.exe PID: 4936, type: MEMORYSTR | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: C:\Users\user\Desktop\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2FXSF6MXcV.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\firefox.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |