9.2.RegSvcs.exe.b60000.10.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x13a8:$x1: NanoCore.ClientPluginHost
|
9.2.RegSvcs.exe.b60000.10.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x13a8:$x2: NanoCore.ClientPluginHost
- 0x1486:$s4: PipeCreated
- 0x13c2:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.24edff4.18.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.24edff4.18.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.540000.1.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.540000.1.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.3937620.32.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xd9ad:$x1: NanoCore.ClientPluginHost
- 0xd9da:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.3937620.32.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xd9ad:$x2: NanoCore.ClientPluginHost
- 0xea88:$s4: PipeCreated
- 0xd9c7:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.3937620.32.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
9.0.RegSvcs.exe.400000.3.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
9.0.RegSvcs.exe.400000.3.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
9.0.RegSvcs.exe.400000.3.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
9.0.RegSvcs.exe.400000.3.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
9.2.RegSvcs.exe.550000.3.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xf7ad:$x1: NanoCore.ClientPluginHost
- 0xf7da:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.550000.3.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xf7ad:$x2: NanoCore.ClientPluginHost
- 0x10888:$s4: PipeCreated
- 0xf7c7:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.550000.3.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
9.2.RegSvcs.exe.351e358.24.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xd9ad:$x1: NanoCore.ClientPluginHost
- 0xd9da:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.351e358.24.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xd9ad:$x2: NanoCore.ClientPluginHost
- 0xea88:$s4: PipeCreated
- 0xd9c7:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.351e358.24.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
9.2.RegSvcs.exe.770000.6.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x16e3:$x1: NanoCore.ClientPluginHost
- 0x171c:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.770000.6.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x16e3:$x2: NanoCore.ClientPluginHost
- 0x1800:$s4: PipeCreated
- 0x16fd:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.880000.7.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x6da5:$x1: NanoCore.ClientPluginHost
- 0x6dd2:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.880000.7.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x6da5:$x2: NanoCore.ClientPluginHost
- 0x7d74:$s2: FileCommand
- 0xc776:$s4: PipeCreated
- 0x6dbf:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.36b69b1.26.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xb184:$x1: NanoCore.ClientPluginHost
- 0x18dbe:$x1: NanoCore.ClientPluginHost
- 0x28fda:$x1: NanoCore.ClientPluginHost
- 0x36143:$x1: NanoCore.ClientPluginHost
- 0x3c691:$x1: NanoCore.ClientPluginHost
- 0x42662:$x1: NanoCore.ClientPluginHost
- 0x4c0ce:$x1: NanoCore.ClientPluginHost
- 0x564f9:$x1: NanoCore.ClientPluginHost
- 0x614d6:$x1: NanoCore.ClientPluginHost
- 0xb1b1:$x2: IClientNetworkHost
- 0x18de8:$x2: IClientNetworkHost
- 0x29007:$x2: IClientNetworkHost
- 0x3617c:$x2: IClientNetworkHost
- 0x3c6ca:$x2: IClientNetworkHost
- 0x4c22b:$x2: IClientNetworkHost
- 0x56532:$x2: IClientNetworkHost
- 0x614f0:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.36b69b1.26.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xb184:$x2: NanoCore.ClientPluginHost
- 0x18dbe:$x2: NanoCore.ClientPluginHost
- 0x28fda:$x2: NanoCore.ClientPluginHost
- 0x36143:$x2: NanoCore.ClientPluginHost
- 0x3c691:$x2: NanoCore.ClientPluginHost
- 0x42662:$x2: NanoCore.ClientPluginHost
- 0x4c0ce:$x2: NanoCore.ClientPluginHost
- 0x564f9:$x2: NanoCore.ClientPluginHost
- 0x614d6:$x2: NanoCore.ClientPluginHost
- 0x29fa9:$s2: FileCommand
- 0x4d024:$s3: PipeExists
- 0xc25f:$s4: PipeCreated
- 0x1ac6e:$s4: PipeCreated
- 0x2e9ab:$s4: PipeCreated
- 0x36260:$s4: PipeCreated
- 0x3c7ac:$s4: PipeCreated
- 0x42740:$s4: PipeCreated
- 0x4c2c4:$s4: PipeCreated
- 0x56644:$s4: PipeCreated
- 0x6250b:$s4: PipeCreated
- 0xb19e:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.36b69b1.26.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
9.2.RegSvcs.exe.36b69b1.26.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xb13a:$a: NanoCore
- 0xb14f:$a: NanoCore
- 0xb184:$a: NanoCore
- 0x18d99:$a: NanoCore
- 0x18dbe:$a: NanoCore
- 0x18e17:$a: NanoCore
- 0x28fb4:$a: NanoCore
- 0x28fda:$a: NanoCore
- 0x29036:$a: NanoCore
- 0x35e8b:$a: NanoCore
- 0x35ee4:$a: NanoCore
- 0x35f17:$a: NanoCore
- 0x36143:$a: NanoCore
- 0x361bf:$a: NanoCore
- 0x367d8:$a: NanoCore
- 0x36921:$a: NanoCore
- 0x36df5:$a: NanoCore
- 0x370dc:$a: NanoCore
- 0x370f3:$a: NanoCore
- 0x3c691:$a: NanoCore
- 0x3c70b:$a: NanoCore
|
9.2.RegSvcs.exe.b70000.11.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x3deb:$x1: NanoCore.ClientPluginHost
- 0x3f48:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.b70000.11.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x3deb:$x2: NanoCore.ClientPluginHost
- 0x4d41:$s3: PipeExists
- 0x3fe1:$s4: PipeCreated
- 0x3e05:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.2460000.17.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1f1db:$x1: NanoCore.ClientPluginHost
- 0x1f1f5:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.2460000.17.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1f1db:$x2: NanoCore.ClientPluginHost
- 0x22518:$s4: PipeCreated
- 0x1f1c8:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.38ac326.29.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x5b99:$x1: NanoCore.ClientPluginHost
- 0x1193b:$x1: NanoCore.ClientPluginHost
- 0x3683f:$x1: NanoCore.ClientPluginHost
- 0x45c7f:$x1: NanoCore.ClientPluginHost
- 0x5bb3:$x2: IClientNetworkHost
- 0x11955:$x2: IClientNetworkHost
- 0x36859:$x2: IClientNetworkHost
- 0x45cbc:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.38ac326.29.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x5b99:$x2: NanoCore.ClientPluginHost
- 0x1193b:$x2: NanoCore.ClientPluginHost
- 0x3683f:$x2: NanoCore.ClientPluginHost
- 0x45c7f:$x2: NanoCore.ClientPluginHost
- 0x6bce:$s4: PipeCreated
- 0x136e6:$s4: PipeCreated
- 0x39b7c:$s4: PipeCreated
- 0x490d2:$s4: PipeCreated
- 0x5b86:$s5: IClientLoggingHost
- 0x11928:$s5: IClientLoggingHost
- 0x3682c:$s5: IClientLoggingHost
- 0x45ca9:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.36b2388.25.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xf7ad:$x1: NanoCore.ClientPluginHost
- 0x1d3e7:$x1: NanoCore.ClientPluginHost
- 0x2d603:$x1: NanoCore.ClientPluginHost
- 0x3a76c:$x1: NanoCore.ClientPluginHost
- 0x40cba:$x1: NanoCore.ClientPluginHost
- 0x46c8b:$x1: NanoCore.ClientPluginHost
- 0x506f7:$x1: NanoCore.ClientPluginHost
- 0x5ab22:$x1: NanoCore.ClientPluginHost
- 0x65aff:$x1: NanoCore.ClientPluginHost
- 0xf7da:$x2: IClientNetworkHost
- 0x1d411:$x2: IClientNetworkHost
- 0x2d630:$x2: IClientNetworkHost
- 0x3a7a5:$x2: IClientNetworkHost
- 0x40cf3:$x2: IClientNetworkHost
- 0x50854:$x2: IClientNetworkHost
- 0x5ab5b:$x2: IClientNetworkHost
- 0x65b19:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.36b2388.25.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xf7ad:$x2: NanoCore.ClientPluginHost
- 0x1d3e7:$x2: NanoCore.ClientPluginHost
- 0x2d603:$x2: NanoCore.ClientPluginHost
- 0x3a76c:$x2: NanoCore.ClientPluginHost
- 0x40cba:$x2: NanoCore.ClientPluginHost
- 0x46c8b:$x2: NanoCore.ClientPluginHost
- 0x506f7:$x2: NanoCore.ClientPluginHost
- 0x5ab22:$x2: NanoCore.ClientPluginHost
- 0x65aff:$x2: NanoCore.ClientPluginHost
- 0x2e5d2:$s2: FileCommand
- 0x5164d:$s3: PipeExists
- 0x10888:$s4: PipeCreated
- 0x1f297:$s4: PipeCreated
- 0x32fd4:$s4: PipeCreated
- 0x3a889:$s4: PipeCreated
- 0x40dd5:$s4: PipeCreated
- 0x46d69:$s4: PipeCreated
- 0x508ed:$s4: PipeCreated
- 0x5ac6d:$s4: PipeCreated
- 0x66b34:$s4: PipeCreated
- 0xf7c7:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.36b2388.25.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
9.2.RegSvcs.exe.36b2388.25.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xf763:$a: NanoCore
- 0xf778:$a: NanoCore
- 0xf7ad:$a: NanoCore
- 0x1d3c2:$a: NanoCore
- 0x1d3e7:$a: NanoCore
- 0x1d440:$a: NanoCore
- 0x2d5dd:$a: NanoCore
- 0x2d603:$a: NanoCore
- 0x2d65f:$a: NanoCore
- 0x3a4b4:$a: NanoCore
- 0x3a50d:$a: NanoCore
- 0x3a540:$a: NanoCore
- 0x3a76c:$a: NanoCore
- 0x3a7e8:$a: NanoCore
- 0x3ae01:$a: NanoCore
- 0x3af4a:$a: NanoCore
- 0x3b41e:$a: NanoCore
- 0x3b705:$a: NanoCore
- 0x3b71c:$a: NanoCore
- 0x40cba:$a: NanoCore
- 0x40d34:$a: NanoCore
|
9.2.RegSvcs.exe.b80000.12.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1deb:$x1: NanoCore.ClientPluginHost
- 0x1e24:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.b80000.12.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1deb:$x2: NanoCore.ClientPluginHost
- 0x1f36:$s4: PipeCreated
- 0x1e05:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.ba0000.14.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x350b:$x1: NanoCore.ClientPluginHost
- 0x3525:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.ba0000.14.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x350b:$x2: NanoCore.ClientPluginHost
- 0x52b6:$s4: PipeCreated
- 0x34f8:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.550000.3.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xd9ad:$x1: NanoCore.ClientPluginHost
- 0xd9da:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.550000.3.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xd9ad:$x2: NanoCore.ClientPluginHost
- 0xea88:$s4: PipeCreated
- 0xd9c7:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.550000.3.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
9.2.RegSvcs.exe.2460000.17.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1d3db:$x1: NanoCore.ClientPluginHost
- 0x1d3f5:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.2460000.17.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1d3db:$x2: NanoCore.ClientPluginHost
- 0x20718:$s4: PipeCreated
- 0x1d3c8:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.b90000.13.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x3d99:$x1: NanoCore.ClientPluginHost
- 0x3db3:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.b90000.13.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x3d99:$x2: NanoCore.ClientPluginHost
- 0x4dce:$s4: PipeCreated
- 0x3d86:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.4880000.34.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x41ee:$x1: NanoCore.ClientPluginHost
- 0x422b:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.4880000.34.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x41ee:$x2: NanoCore.ClientPluginHost
- 0x7641:$s4: PipeCreated
- 0x4218:$s5: IClientLoggingHost
|
9.0.RegSvcs.exe.400000.4.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
9.0.RegSvcs.exe.400000.4.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
9.0.RegSvcs.exe.400000.4.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
9.0.RegSvcs.exe.400000.4.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
9.2.RegSvcs.exe.a30000.8.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x3f0b:$x1: NanoCore.ClientPluginHost
- 0x3f44:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.a30000.8.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x3f0b:$x2: NanoCore.ClientPluginHost
- 0x400f:$s4: PipeCreated
- 0x3f25:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.a30000.8.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x5b0b:$x1: NanoCore.ClientPluginHost
- 0x5b44:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.a30000.8.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x5b0b:$x2: NanoCore.ClientPluginHost
- 0x5c0f:$s4: PipeCreated
- 0x5b25:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.38ba756.30.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x170b:$x1: NanoCore.ClientPluginHost
- 0x1725:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.38ba756.30.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x170b:$x2: NanoCore.ClientPluginHost
- 0x34b6:$s4: PipeCreated
- 0x16f8:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.38ac326.29.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x3d99:$x1: NanoCore.ClientPluginHost
- 0xcd3b:$x1: NanoCore.ClientPluginHost
- 0x3db3:$x2: IClientNetworkHost
- 0xcd55:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.38ac326.29.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x3d99:$x2: NanoCore.ClientPluginHost
- 0xcd3b:$x2: NanoCore.ClientPluginHost
- 0x4dce:$s4: PipeCreated
- 0x3d86:$s5: IClientLoggingHost
- 0xcd28:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.b80000.12.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x39eb:$x1: NanoCore.ClientPluginHost
- 0x3a24:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.b80000.12.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x39eb:$x2: NanoCore.ClientPluginHost
- 0x3b36:$s4: PipeCreated
- 0x3a05:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.38a34f7.28.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1deb:$x1: NanoCore.ClientPluginHost
- 0x1e24:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.38a34f7.28.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1deb:$x2: NanoCore.ClientPluginHost
- 0x1f36:$s4: PipeCreated
- 0x1e05:$s5: IClientLoggingHost
|
4.2.plugmahm65898.exe.34b98b0.4.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x42bad:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x42bea:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0x4671d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
4.2.plugmahm65898.exe.34b98b0.4.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.plugmahm65898.exe.34b98b0.4.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0x42915:$a: NanoCore
- 0x42925:$a: NanoCore
- 0x42b59:$a: NanoCore
- 0x42b6d:$a: NanoCore
- 0x42bad:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x42974:$b: ClientPlugin
- 0x42b76:$b: ClientPlugin
- 0x42bb6:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x42a9b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x434a2:$d: DESCrypto
- 0x1844e:$e: KeepAlive
|
4.2.plugmahm65898.exe.3486c90.5.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
4.2.plugmahm65898.exe.3486c90.5.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
4.2.plugmahm65898.exe.3486c90.5.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.plugmahm65898.exe.3486c90.5.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
9.2.RegSvcs.exe.590000.5.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x2dbb:$x1: NanoCore.ClientPluginHost
- 0x2de5:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.590000.5.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2dbb:$x2: NanoCore.ClientPluginHost
- 0x4c6b:$s4: PipeCreated
|
4.2.plugmahm65898.exe.34b98b0.4.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
4.2.plugmahm65898.exe.34b98b0.4.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
4.2.plugmahm65898.exe.34b98b0.4.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.plugmahm65898.exe.34b98b0.4.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
9.2.RegSvcs.exe.554629.2.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xb184:$x1: NanoCore.ClientPluginHost
- 0xb1b1:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.554629.2.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xb184:$x2: NanoCore.ClientPluginHost
- 0xc25f:$s4: PipeCreated
- 0xb19e:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.554629.2.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
9.2.RegSvcs.exe.b90000.13.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x5b99:$x1: NanoCore.ClientPluginHost
- 0x5bb3:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.b90000.13.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x5b99:$x2: NanoCore.ClientPluginHost
- 0x6bce:$s4: PipeCreated
- 0x5b86:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.2464c9f.16.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1a53c:$x1: NanoCore.ClientPluginHost
- 0x1a556:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.2464c9f.16.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1a53c:$x2: NanoCore.ClientPluginHost
- 0x1d879:$s4: PipeCreated
- 0x1a529:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.256accc.20.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x2dbb:$x1: NanoCore.ClientPluginHost
- 0x2de5:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.256accc.20.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2dbb:$x2: NanoCore.ClientPluginHost
- 0x4c6b:$s4: PipeCreated
|
9.0.RegSvcs.exe.400000.2.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
9.0.RegSvcs.exe.400000.2.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
9.0.RegSvcs.exe.400000.2.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
9.0.RegSvcs.exe.400000.2.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
9.0.RegSvcs.exe.400000.1.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
9.0.RegSvcs.exe.400000.1.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
9.0.RegSvcs.exe.400000.1.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
9.0.RegSvcs.exe.400000.1.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
9.2.RegSvcs.exe.b50000.9.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x605:$x1: NanoCore.ClientPluginHost
- 0x63e:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.b50000.9.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x605:$x2: NanoCore.ClientPluginHost
- 0x720:$s4: PipeCreated
- 0x61f:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.2576f58.21.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x8ba5:$x1: NanoCore.ClientPluginHost
- 0x15d63:$x1: NanoCore.ClientPluginHost
- 0x1fc07:$x1: NanoCore.ClientPluginHost
- 0x27b81:$x1: NanoCore.ClientPluginHost
- 0x2dba8:$x1: NanoCore.ClientPluginHost
- 0x37667:$x1: NanoCore.ClientPluginHost
- 0x41ae7:$x1: NanoCore.ClientPluginHost
- 0x4cb1d:$x1: NanoCore.ClientPluginHost
- 0x58917:$x1: NanoCore.ClientPluginHost
- 0x64702:$x1: NanoCore.ClientPluginHost
- 0x8bd2:$x2: IClientNetworkHost
- 0x15d9c:$x2: IClientNetworkHost
- 0x1fc40:$x2: IClientNetworkHost
- 0x27bba:$x2: IClientNetworkHost
- 0x377c4:$x2: IClientNetworkHost
- 0x41b20:$x2: IClientNetworkHost
- 0x4cb37:$x2: IClientNetworkHost
- 0x58931:$x2: IClientNetworkHost
- 0x6473f:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.2576f58.21.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x8ba5:$x2: NanoCore.ClientPluginHost
- 0x15d63:$x2: NanoCore.ClientPluginHost
- 0x1fc07:$x2: NanoCore.ClientPluginHost
- 0x27b81:$x2: NanoCore.ClientPluginHost
- 0x2dba8:$x2: NanoCore.ClientPluginHost
- 0x37667:$x2: NanoCore.ClientPluginHost
- 0x41ae7:$x2: NanoCore.ClientPluginHost
- 0x4cb1d:$x2: NanoCore.ClientPluginHost
- 0x58917:$x2: NanoCore.ClientPluginHost
- 0x64702:$x2: NanoCore.ClientPluginHost
- 0x9b74:$s2: FileCommand
- 0x385bd:$s3: PipeExists
- 0xe576:$s4: PipeCreated
- 0x15e80:$s4: PipeCreated
- 0x1fd0b:$s4: PipeCreated
- 0x27c9c:$s4: PipeCreated
- 0x2dc86:$s4: PipeCreated
- 0x3785d:$s4: PipeCreated
- 0x41c32:$s4: PipeCreated
- 0x4db52:$s4: PipeCreated
- 0x5a6c2:$s4: PipeCreated
|
9.2.RegSvcs.exe.2576f58.21.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x8b7f:$a: NanoCore
- 0x8ba5:$a: NanoCore
- 0x8c01:$a: NanoCore
- 0x15aab:$a: NanoCore
- 0x15b04:$a: NanoCore
- 0x15b37:$a: NanoCore
- 0x15d63:$a: NanoCore
- 0x15ddf:$a: NanoCore
- 0x163f8:$a: NanoCore
- 0x16541:$a: NanoCore
- 0x16a15:$a: NanoCore
- 0x16cfc:$a: NanoCore
- 0x16d13:$a: NanoCore
- 0x1fc07:$a: NanoCore
- 0x1fc83:$a: NanoCore
- 0x22566:$a: NanoCore
- 0x27b81:$a: NanoCore
- 0x27bfb:$a: NanoCore
- 0x2dba8:$a: NanoCore
- 0x2dbf2:$a: NanoCore
- 0x2e84c:$a: NanoCore
|
9.2.RegSvcs.exe.ba0000.14.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x170b:$x1: NanoCore.ClientPluginHost
- 0x1725:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.ba0000.14.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x170b:$x2: NanoCore.ClientPluginHost
- 0x34b6:$s4: PipeCreated
- 0x16f8:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.393bc49.33.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xb184:$x1: NanoCore.ClientPluginHost
- 0x18dbe:$x1: NanoCore.ClientPluginHost
- 0x28fda:$x1: NanoCore.ClientPluginHost
- 0x36143:$x1: NanoCore.ClientPluginHost
- 0x3c691:$x1: NanoCore.ClientPluginHost
- 0x42662:$x1: NanoCore.ClientPluginHost
- 0x4c0ce:$x1: NanoCore.ClientPluginHost
- 0x564f9:$x1: NanoCore.ClientPluginHost
- 0x614d6:$x1: NanoCore.ClientPluginHost
- 0x6d278:$x1: NanoCore.ClientPluginHost
- 0x9217c:$x1: NanoCore.ClientPluginHost
- 0xa15bc:$x1: NanoCore.ClientPluginHost
- 0xb1b1:$x2: IClientNetworkHost
- 0x18de8:$x2: IClientNetworkHost
- 0x29007:$x2: IClientNetworkHost
- 0x3617c:$x2: IClientNetworkHost
- 0x3c6ca:$x2: IClientNetworkHost
- 0x4c22b:$x2: IClientNetworkHost
- 0x56532:$x2: IClientNetworkHost
- 0x614f0:$x2: IClientNetworkHost
- 0x6d292:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.393bc49.33.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
9.2.RegSvcs.exe.393bc49.33.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xb13a:$a: NanoCore
- 0xb14f:$a: NanoCore
- 0xb184:$a: NanoCore
- 0x18d99:$a: NanoCore
- 0x18dbe:$a: NanoCore
- 0x18e17:$a: NanoCore
- 0x28fb4:$a: NanoCore
- 0x28fda:$a: NanoCore
- 0x29036:$a: NanoCore
- 0x35e8b:$a: NanoCore
- 0x35ee4:$a: NanoCore
- 0x35f17:$a: NanoCore
- 0x36143:$a: NanoCore
- 0x361bf:$a: NanoCore
- 0x367d8:$a: NanoCore
- 0x36921:$a: NanoCore
- 0x36df5:$a: NanoCore
- 0x370dc:$a: NanoCore
- 0x370f3:$a: NanoCore
- 0x3c691:$a: NanoCore
- 0x3c70b:$a: NanoCore
|
9.2.RegSvcs.exe.b50000.9.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x2205:$x1: NanoCore.ClientPluginHost
- 0x223e:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.b50000.9.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x2205:$x2: NanoCore.ClientPluginHost
- 0x2320:$s4: PipeCreated
- 0x221f:$s5: IClientLoggingHost
|
9.0.RegSvcs.exe.400000.0.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
9.0.RegSvcs.exe.400000.0.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
9.0.RegSvcs.exe.400000.0.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
9.0.RegSvcs.exe.400000.0.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
9.2.RegSvcs.exe.4880000.34.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x5fee:$x1: NanoCore.ClientPluginHost
- 0x602b:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.4880000.34.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x5fee:$x2: NanoCore.ClientPluginHost
- 0x9441:$s4: PipeCreated
- 0x6018:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.38ba756.30.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x350b:$x1: NanoCore.ClientPluginHost
- 0x2840f:$x1: NanoCore.ClientPluginHost
- 0x3784f:$x1: NanoCore.ClientPluginHost
- 0x3525:$x2: IClientNetworkHost
- 0x28429:$x2: IClientNetworkHost
- 0x3788c:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.38ba756.30.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x350b:$x2: NanoCore.ClientPluginHost
- 0x2840f:$x2: NanoCore.ClientPluginHost
- 0x3784f:$x2: NanoCore.ClientPluginHost
- 0x52b6:$s4: PipeCreated
- 0x2b74c:$s4: PipeCreated
- 0x3aca2:$s4: PipeCreated
- 0x34f8:$s5: IClientLoggingHost
- 0x283fc:$s5: IClientLoggingHost
- 0x37879:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.258b5d8.19.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x16e3:$x1: NanoCore.ClientPluginHost
- 0xb587:$x1: NanoCore.ClientPluginHost
- 0x13501:$x1: NanoCore.ClientPluginHost
- 0x19528:$x1: NanoCore.ClientPluginHost
- 0x22fe7:$x1: NanoCore.ClientPluginHost
- 0x2d467:$x1: NanoCore.ClientPluginHost
- 0x3849d:$x1: NanoCore.ClientPluginHost
- 0x44297:$x1: NanoCore.ClientPluginHost
- 0x50082:$x1: NanoCore.ClientPluginHost
- 0x171c:$x2: IClientNetworkHost
- 0xb5c0:$x2: IClientNetworkHost
- 0x1353a:$x2: IClientNetworkHost
- 0x23144:$x2: IClientNetworkHost
- 0x2d4a0:$x2: IClientNetworkHost
- 0x384b7:$x2: IClientNetworkHost
- 0x442b1:$x2: IClientNetworkHost
- 0x500bf:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.258b5d8.19.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x16e3:$x2: NanoCore.ClientPluginHost
- 0xb587:$x2: NanoCore.ClientPluginHost
- 0x13501:$x2: NanoCore.ClientPluginHost
- 0x19528:$x2: NanoCore.ClientPluginHost
- 0x22fe7:$x2: NanoCore.ClientPluginHost
- 0x2d467:$x2: NanoCore.ClientPluginHost
- 0x3849d:$x2: NanoCore.ClientPluginHost
- 0x44297:$x2: NanoCore.ClientPluginHost
- 0x50082:$x2: NanoCore.ClientPluginHost
- 0x23f3d:$s3: PipeExists
- 0x1800:$s4: PipeCreated
- 0xb68b:$s4: PipeCreated
- 0x1361c:$s4: PipeCreated
- 0x19606:$s4: PipeCreated
- 0x231dd:$s4: PipeCreated
- 0x2d5b2:$s4: PipeCreated
- 0x394d2:$s4: PipeCreated
- 0x46042:$s4: PipeCreated
- 0x534d5:$s4: PipeCreated
- 0x16fd:$s5: IClientLoggingHost
- 0xb5a1:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.258b5d8.19.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x142b:$a: NanoCore
- 0x1484:$a: NanoCore
- 0x14b7:$a: NanoCore
- 0x16e3:$a: NanoCore
- 0x175f:$a: NanoCore
- 0x1d78:$a: NanoCore
- 0x1ec1:$a: NanoCore
- 0x2395:$a: NanoCore
- 0x267c:$a: NanoCore
- 0x2693:$a: NanoCore
- 0xb587:$a: NanoCore
- 0xb603:$a: NanoCore
- 0xdee6:$a: NanoCore
- 0x13501:$a: NanoCore
- 0x1357b:$a: NanoCore
- 0x19528:$a: NanoCore
- 0x19572:$a: NanoCore
- 0x1a1cc:$a: NanoCore
- 0x22fe7:$a: NanoCore
- 0x230d1:$a: NanoCore
- 0x23f48:$a: NanoCore
|
9.2.RegSvcs.exe.880000.7.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x8ba5:$x1: NanoCore.ClientPluginHost
- 0x8bd2:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.880000.7.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x8ba5:$x2: NanoCore.ClientPluginHost
- 0x9b74:$s2: FileCommand
- 0xe576:$s4: PipeCreated
- 0x8bbf:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.2576f58.21.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x6da5:$x1: NanoCore.ClientPluginHost
- 0x6dd2:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.2576f58.21.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x6da5:$x2: NanoCore.ClientPluginHost
- 0x7d74:$s2: FileCommand
- 0xc776:$s4: PipeCreated
- 0x6dbf:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.400000.0.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
9.2.RegSvcs.exe.400000.0.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.400000.0.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
9.2.RegSvcs.exe.400000.0.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
9.2.RegSvcs.exe.38a34f7.28.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x39eb:$x1: NanoCore.ClientPluginHost
- 0xe9c8:$x1: NanoCore.ClientPluginHost
- 0x1a76a:$x1: NanoCore.ClientPluginHost
- 0x3f66e:$x1: NanoCore.ClientPluginHost
- 0x4eaae:$x1: NanoCore.ClientPluginHost
- 0x3a24:$x2: IClientNetworkHost
- 0xe9e2:$x2: IClientNetworkHost
- 0x1a784:$x2: IClientNetworkHost
- 0x3f688:$x2: IClientNetworkHost
- 0x4eaeb:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.38a34f7.28.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x39eb:$x2: NanoCore.ClientPluginHost
- 0xe9c8:$x2: NanoCore.ClientPluginHost
- 0x1a76a:$x2: NanoCore.ClientPluginHost
- 0x3f66e:$x2: NanoCore.ClientPluginHost
- 0x4eaae:$x2: NanoCore.ClientPluginHost
- 0x3b36:$s4: PipeCreated
- 0xf9fd:$s4: PipeCreated
- 0x1c515:$s4: PipeCreated
- 0x429ab:$s4: PipeCreated
- 0x51f01:$s4: PipeCreated
- 0x3a05:$s5: IClientLoggingHost
- 0xe9b5:$s5: IClientLoggingHost
- 0x1a757:$s5: IClientLoggingHost
- 0x3f65b:$s5: IClientLoggingHost
- 0x4ead8:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.38a34f7.28.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x36cb:$a: NanoCore
- 0x372c:$a: NanoCore
- 0x376f:$a: NanoCore
- 0x37af:$a: NanoCore
- 0x39eb:$a: NanoCore
- 0x3a8b:$a: NanoCore
- 0x4263:$a: NanoCore
- 0x4856:$a: NanoCore
- 0x49a7:$a: NanoCore
- 0x5801:$a: NanoCore
- 0x5a68:$a: NanoCore
- 0x5a7d:$a: NanoCore
- 0x5a9c:$a: NanoCore
- 0xe99f:$a: NanoCore
- 0xe9c8:$a: NanoCore
- 0x1a741:$a: NanoCore
- 0x1a76a:$a: NanoCore
- 0x3f62d:$a: NanoCore
- 0x3f645:$a: NanoCore
- 0x3f66e:$a: NanoCore
- 0x4ea71:$a: NanoCore
|
4.2.plugmahm65898.exe.2234254.2.raw.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
9.2.RegSvcs.exe.590000.5.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x4bbb:$x1: NanoCore.ClientPluginHost
- 0x4be5:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.590000.5.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x4bbb:$x2: NanoCore.ClientPluginHost
- 0x6a6b:$s4: PipeCreated
|
9.2.RegSvcs.exe.246e8a4.15.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x10937:$x1: NanoCore.ClientPluginHost
- 0x10951:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.246e8a4.15.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x10937:$x2: NanoCore.ClientPluginHost
- 0x13c74:$s4: PipeCreated
- 0x10924:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.b70000.11.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x59eb:$x1: NanoCore.ClientPluginHost
- 0x5b48:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.b70000.11.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x59eb:$x2: NanoCore.ClientPluginHost
- 0x6941:$s3: PipeExists
- 0x5be1:$s4: PipeCreated
- 0x5a05:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.36b2388.25.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xd9ad:$x1: NanoCore.ClientPluginHost
- 0xd9da:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.36b2388.25.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xd9ad:$x2: NanoCore.ClientPluginHost
- 0xea88:$s4: PipeCreated
- 0xd9c7:$s5: IClientLoggingHost
|
9.2.RegSvcs.exe.36b2388.25.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
9.2.RegSvcs.exe.39327ea.31.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0x145e3:$x1: NanoCore.ClientPluginHost
- 0x2221d:$x1: NanoCore.ClientPluginHost
- 0x32439:$x1: NanoCore.ClientPluginHost
- 0x3f5a2:$x1: NanoCore.ClientPluginHost
- 0x45af0:$x1: NanoCore.ClientPluginHost
- 0x4bac1:$x1: NanoCore.ClientPluginHost
- 0x5552d:$x1: NanoCore.ClientPluginHost
- 0x5f958:$x1: NanoCore.ClientPluginHost
- 0x6a935:$x1: NanoCore.ClientPluginHost
- 0x766d7:$x1: NanoCore.ClientPluginHost
- 0x9b5db:$x1: NanoCore.ClientPluginHost
- 0xaaa1b:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
- 0x14610:$x2: IClientNetworkHost
- 0x22247:$x2: IClientNetworkHost
- 0x32466:$x2: IClientNetworkHost
- 0x3f5db:$x2: IClientNetworkHost
- 0x45b29:$x2: IClientNetworkHost
- 0x5568a:$x2: IClientNetworkHost
- 0x5f991:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.39327ea.31.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
9.2.RegSvcs.exe.39327ea.31.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xddf:$a: NanoCore
- 0xe38:$a: NanoCore
- 0xe75:$a: NanoCore
- 0xeee:$a: NanoCore
- 0x14599:$a: NanoCore
- 0x145ae:$a: NanoCore
- 0x145e3:$a: NanoCore
- 0x221f8:$a: NanoCore
- 0x2221d:$a: NanoCore
- 0x22276:$a: NanoCore
- 0x32413:$a: NanoCore
- 0x32439:$a: NanoCore
- 0x32495:$a: NanoCore
- 0x3f2ea:$a: NanoCore
- 0x3f343:$a: NanoCore
- 0x3f376:$a: NanoCore
- 0x3f5a2:$a: NanoCore
- 0x3f61e:$a: NanoCore
- 0x3fc37:$a: NanoCore
- 0x3fd80:$a: NanoCore
- 0x40254:$a: NanoCore
|
9.2.RegSvcs.exe.36ad552.27.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0x145e3:$x1: NanoCore.ClientPluginHost
- 0x2221d:$x1: NanoCore.ClientPluginHost
- 0x32439:$x1: NanoCore.ClientPluginHost
- 0x3f5a2:$x1: NanoCore.ClientPluginHost
- 0x45af0:$x1: NanoCore.ClientPluginHost
- 0x4bac1:$x1: NanoCore.ClientPluginHost
- 0x5552d:$x1: NanoCore.ClientPluginHost
- 0x5f958:$x1: NanoCore.ClientPluginHost
- 0x6a935:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
- 0x14610:$x2: IClientNetworkHost
- 0x22247:$x2: IClientNetworkHost
- 0x32466:$x2: IClientNetworkHost
- 0x3f5db:$x2: IClientNetworkHost
- 0x45b29:$x2: IClientNetworkHost
- 0x5568a:$x2: IClientNetworkHost
- 0x5f991:$x2: IClientNetworkHost
- 0x6a94f:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.36ad552.27.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x145e3:$x2: NanoCore.ClientPluginHost
- 0x2221d:$x2: NanoCore.ClientPluginHost
- 0x32439:$x2: NanoCore.ClientPluginHost
- 0x3f5a2:$x2: NanoCore.ClientPluginHost
- 0x45af0:$x2: NanoCore.ClientPluginHost
- 0x4bac1:$x2: NanoCore.ClientPluginHost
- 0x5552d:$x2: NanoCore.ClientPluginHost
- 0x5f958:$x2: NanoCore.ClientPluginHost
- 0x6a935:$x2: NanoCore.ClientPluginHost
- 0x33408:$s2: FileCommand
- 0x1261:$s3: PipeExists
- 0x56483:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0x156be:$s4: PipeCreated
- 0x240cd:$s4: PipeCreated
- 0x37e0a:$s4: PipeCreated
- 0x3f6bf:$s4: PipeCreated
- 0x45c0b:$s4: PipeCreated
- 0x4bb9f:$s4: PipeCreated
- 0x55723:$s4: PipeCreated
|
9.2.RegSvcs.exe.36ad552.27.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
9.2.RegSvcs.exe.36ad552.27.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xddf:$a: NanoCore
- 0xe38:$a: NanoCore
- 0xe75:$a: NanoCore
- 0xeee:$a: NanoCore
- 0x14599:$a: NanoCore
- 0x145ae:$a: NanoCore
- 0x145e3:$a: NanoCore
- 0x221f8:$a: NanoCore
- 0x2221d:$a: NanoCore
- 0x22276:$a: NanoCore
- 0x32413:$a: NanoCore
- 0x32439:$a: NanoCore
- 0x32495:$a: NanoCore
- 0x3f2ea:$a: NanoCore
- 0x3f343:$a: NanoCore
- 0x3f376:$a: NanoCore
- 0x3f5a2:$a: NanoCore
- 0x3f61e:$a: NanoCore
- 0x3fc37:$a: NanoCore
- 0x3fd80:$a: NanoCore
- 0x40254:$a: NanoCore
|
9.2.RegSvcs.exe.351e358.24.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
9.2.RegSvcs.exe.351e358.24.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xf763:$a: NanoCore
- 0xf778:$a: NanoCore
- 0xf7ad:$a: NanoCore
- 0x2a57b:$a: NanoCore
- 0x2a590:$a: NanoCore
- 0x2a5c5:$a: NanoCore
- 0x8fa87:$a: NanoCore
- 0x8faac:$a: NanoCore
- 0x8fb05:$a: NanoCore
- 0x9fca4:$a: NanoCore
- 0x9fcca:$a: NanoCore
- 0x9fd26:$a: NanoCore
- 0xacb7d:$a: NanoCore
- 0xacbd6:$a: NanoCore
- 0xacc09:$a: NanoCore
- 0xace35:$a: NanoCore
- 0xaceb1:$a: NanoCore
- 0xad4ca:$a: NanoCore
- 0xad613:$a: NanoCore
- 0xadae7:$a: NanoCore
- 0xaddce:$a: NanoCore
|
9.2.RegSvcs.exe.256accc.20.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x4bbb:$x1: NanoCore.ClientPluginHost
- 0x14e31:$x1: NanoCore.ClientPluginHost
- 0x21fef:$x1: NanoCore.ClientPluginHost
- 0x2be93:$x1: NanoCore.ClientPluginHost
- 0x33e0d:$x1: NanoCore.ClientPluginHost
- 0x39e34:$x1: NanoCore.ClientPluginHost
- 0x438f3:$x1: NanoCore.ClientPluginHost
- 0x4dd73:$x1: NanoCore.ClientPluginHost
- 0x58da9:$x1: NanoCore.ClientPluginHost
- 0x64ba3:$x1: NanoCore.ClientPluginHost
- 0x7098e:$x1: NanoCore.ClientPluginHost
- 0x4be5:$x2: IClientNetworkHost
- 0x14e5e:$x2: IClientNetworkHost
- 0x22028:$x2: IClientNetworkHost
- 0x2becc:$x2: IClientNetworkHost
- 0x33e46:$x2: IClientNetworkHost
- 0x43a50:$x2: IClientNetworkHost
- 0x4ddac:$x2: IClientNetworkHost
- 0x58dc3:$x2: IClientNetworkHost
- 0x64bbd:$x2: IClientNetworkHost
- 0x709cb:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.256accc.20.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x4bbb:$x2: NanoCore.ClientPluginHost
- 0x14e31:$x2: NanoCore.ClientPluginHost
- 0x21fef:$x2: NanoCore.ClientPluginHost
- 0x2be93:$x2: NanoCore.ClientPluginHost
- 0x33e0d:$x2: NanoCore.ClientPluginHost
- 0x39e34:$x2: NanoCore.ClientPluginHost
- 0x438f3:$x2: NanoCore.ClientPluginHost
- 0x4dd73:$x2: NanoCore.ClientPluginHost
- 0x58da9:$x2: NanoCore.ClientPluginHost
- 0x64ba3:$x2: NanoCore.ClientPluginHost
- 0x7098e:$x2: NanoCore.ClientPluginHost
- 0x15e00:$s2: FileCommand
- 0x44849:$s3: PipeExists
- 0x6a6b:$s4: PipeCreated
- 0x1a802:$s4: PipeCreated
- 0x2210c:$s4: PipeCreated
- 0x2bf97:$s4: PipeCreated
- 0x33f28:$s4: PipeCreated
- 0x39f12:$s4: PipeCreated
- 0x43ae9:$s4: PipeCreated
- 0x4debe:$s4: PipeCreated
|
9.2.RegSvcs.exe.256accc.20.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x4b96:$a: NanoCore
- 0x4bbb:$a: NanoCore
- 0x4c14:$a: NanoCore
- 0x14e0b:$a: NanoCore
- 0x14e31:$a: NanoCore
- 0x14e8d:$a: NanoCore
- 0x21d37:$a: NanoCore
- 0x21d90:$a: NanoCore
- 0x21dc3:$a: NanoCore
- 0x21fef:$a: NanoCore
- 0x2206b:$a: NanoCore
- 0x22684:$a: NanoCore
- 0x227cd:$a: NanoCore
- 0x22ca1:$a: NanoCore
- 0x22f88:$a: NanoCore
- 0x22f9f:$a: NanoCore
- 0x2be93:$a: NanoCore
- 0x2bf0f:$a: NanoCore
- 0x2e7f2:$a: NanoCore
- 0x33e0d:$a: NanoCore
- 0x33e87:$a: NanoCore
|
9.2.RegSvcs.exe.3937620.32.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xf7ad:$x1: NanoCore.ClientPluginHost
- 0x1d3e7:$x1: NanoCore.ClientPluginHost
- 0x2d603:$x1: NanoCore.ClientPluginHost
- 0x3a76c:$x1: NanoCore.ClientPluginHost
- 0x40cba:$x1: NanoCore.ClientPluginHost
- 0x46c8b:$x1: NanoCore.ClientPluginHost
- 0x506f7:$x1: NanoCore.ClientPluginHost
- 0x5ab22:$x1: NanoCore.ClientPluginHost
- 0x65aff:$x1: NanoCore.ClientPluginHost
- 0x718a1:$x1: NanoCore.ClientPluginHost
- 0x967a5:$x1: NanoCore.ClientPluginHost
- 0xa5be5:$x1: NanoCore.ClientPluginHost
- 0xf7da:$x2: IClientNetworkHost
- 0x1d411:$x2: IClientNetworkHost
- 0x2d630:$x2: IClientNetworkHost
- 0x3a7a5:$x2: IClientNetworkHost
- 0x40cf3:$x2: IClientNetworkHost
- 0x50854:$x2: IClientNetworkHost
- 0x5ab5b:$x2: IClientNetworkHost
- 0x65b19:$x2: IClientNetworkHost
- 0x718bb:$x2: IClientNetworkHost
|
9.2.RegSvcs.exe.3937620.32.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
9.2.RegSvcs.exe.3937620.32.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xf763:$a: NanoCore
- 0xf778:$a: NanoCore
- 0xf7ad:$a: NanoCore
- 0x1d3c2:$a: NanoCore
- 0x1d3e7:$a: NanoCore
- 0x1d440:$a: NanoCore
- 0x2d5dd:$a: NanoCore
- 0x2d603:$a: NanoCore
- 0x2d65f:$a: NanoCore
- 0x3a4b4:$a: NanoCore
- 0x3a50d:$a: NanoCore
- 0x3a540:$a: NanoCore
- 0x3a76c:$a: NanoCore
- 0x3a7e8:$a: NanoCore
- 0x3ae01:$a: NanoCore
- 0x3af4a:$a: NanoCore
- 0x3b41e:$a: NanoCore
- 0x3b705:$a: NanoCore
- 0x3b71c:$a: NanoCore
- 0x40cba:$a: NanoCore
- 0x40d34:$a: NanoCore
|
9.2.RegSvcs.exe.3519522.23.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
9.2.RegSvcs.exe.3519522.23.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xddf:$a: NanoCore
- 0xe38:$a: NanoCore
- 0xe75:$a: NanoCore
- 0xeee:$a: NanoCore
- 0x14599:$a: NanoCore
- 0x145ae:$a: NanoCore
- 0x145e3:$a: NanoCore
- 0x2f3b1:$a: NanoCore
- 0x2f3c6:$a: NanoCore
- 0x2f3fb:$a: NanoCore
- 0x948bd:$a: NanoCore
- 0x948e2:$a: NanoCore
- 0x9493b:$a: NanoCore
- 0xa4ada:$a: NanoCore
- 0xa4b00:$a: NanoCore
- 0xa4b5c:$a: NanoCore
- 0xb19b3:$a: NanoCore
- 0xb1a0c:$a: NanoCore
- 0xb1a3f:$a: NanoCore
- 0xb1c6b:$a: NanoCore
- 0xb1ce7:$a: NanoCore
|
9.2.RegSvcs.exe.3522981.22.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
9.2.RegSvcs.exe.3522981.22.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xb13a:$a: NanoCore
- 0xb14f:$a: NanoCore
- 0xb184:$a: NanoCore
- 0x25f52:$a: NanoCore
- 0x25f67:$a: NanoCore
- 0x25f9c:$a: NanoCore
- 0x8b45e:$a: NanoCore
- 0x8b483:$a: NanoCore
- 0x8b4dc:$a: NanoCore
- 0x9b67b:$a: NanoCore
- 0x9b6a1:$a: NanoCore
- 0x9b6fd:$a: NanoCore
- 0xa8554:$a: NanoCore
- 0xa85ad:$a: NanoCore
- 0xa85e0:$a: NanoCore
- 0xa880c:$a: NanoCore
- 0xa8888:$a: NanoCore
- 0xa8ea1:$a: NanoCore
- 0xa8fea:$a: NanoCore
- 0xa94be:$a: NanoCore
- 0xa97a5:$a: NanoCore
|
4.2.plugmahm65898.exe.3486c90.5.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x42dad:$x1: NanoCore.ClientPluginHost
- 0x757cd:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x42dea:$x2: IClientNetworkHost
- 0x7580a:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0x4691d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
- 0x7933d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
4.2.plugmahm65898.exe.3486c90.5.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
4.2.plugmahm65898.exe.3486c90.5.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0x42b15:$a: NanoCore
- 0x42b25:$a: NanoCore
- 0x42d59:$a: NanoCore
- 0x42d6d:$a: NanoCore
- 0x42dad:$a: NanoCore
- 0x75535:$a: NanoCore
- 0x75545:$a: NanoCore
- 0x75779:$a: NanoCore
- 0x7578d:$a: NanoCore
- 0x757cd:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x42b74:$b: ClientPlugin
- 0x42d76:$b: ClientPlugin
- 0x42db6:$b: ClientPlugin
|