2.0.nano.exe.a80000.0.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
2.0.nano.exe.a80000.0.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
2.0.nano.exe.a80000.0.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
2.0.nano.exe.a80000.0.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
2.0.nano.exe.a80000.1.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
2.0.nano.exe.a80000.1.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
2.0.nano.exe.a80000.1.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
2.0.nano.exe.a80000.1.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
2.2.nano.exe.5720000.5.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
|
2.2.nano.exe.5720000.5.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
|
2.2.nano.exe.5c40000.7.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xf7ad:$x1: NanoCore.ClientPluginHost
- 0xf7da:$x2: IClientNetworkHost
|
2.2.nano.exe.5c40000.7.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xf7ad:$x2: NanoCore.ClientPluginHost
- 0x10888:$s4: PipeCreated
- 0xf7c7:$s5: IClientLoggingHost
|
2.2.nano.exe.5c40000.7.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
0.2.4Y85lSOUJ0.exe.2de9114.5.raw.unpack | JoeSecurity_MercurialGrabber | Yara detected MercurialGrabber | Joe Security | |
0.2.4Y85lSOUJ0.exe.2de9114.5.raw.unpack | MAL_Luna_Stealer_Apr_2021_1 | Detect Luna stealer (also Mercurial Grabber) | Arkbird_SOLG | - 0x79f1:$x1: ---------------- mercurial grabber ----------------
|
0.0.4Y85lSOUJ0.exe.69c870.1.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
0.0.4Y85lSOUJ0.exe.69c870.1.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
0.0.4Y85lSOUJ0.exe.69c870.1.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
0.0.4Y85lSOUJ0.exe.69c870.1.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
2.2.nano.exe.5c40000.7.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xd9ad:$x1: NanoCore.ClientPluginHost
- 0xd9da:$x2: IClientNetworkHost
|
2.2.nano.exe.5c40000.7.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xd9ad:$x2: NanoCore.ClientPluginHost
- 0xea88:$s4: PipeCreated
- 0xd9c7:$s5: IClientLoggingHost
|
2.2.nano.exe.5c40000.7.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
2.2.nano.exe.42ee67c.3.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xf7ad:$x1: NanoCore.ClientPluginHost
- 0x28391:$x1: NanoCore.ClientPluginHost
- 0xf7da:$x2: IClientNetworkHost
- 0x283be:$x2: IClientNetworkHost
|
2.2.nano.exe.42ee67c.3.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xf7ad:$x2: NanoCore.ClientPluginHost
- 0x28391:$x2: NanoCore.ClientPluginHost
- 0x10888:$s4: PipeCreated
- 0x2946c:$s4: PipeCreated
- 0xf7c7:$s5: IClientLoggingHost
- 0x283ab:$s5: IClientLoggingHost
|
2.2.nano.exe.42ee67c.3.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
0.0.4Y85lSOUJ0.exe.69226b.2.unpack | JoeSecurity_MercurialGrabber | Yara detected MercurialGrabber | Joe Security | |
0.2.4Y85lSOUJ0.exe.2de43ac.4.raw.unpack | JoeSecurity_MercurialGrabber | Yara detected MercurialGrabber | Joe Security | |
0.2.4Y85lSOUJ0.exe.2de43ac.4.raw.unpack | MAL_Luna_Stealer_Apr_2021_1 | Detect Luna stealer (also Mercurial Grabber) | Arkbird_SOLG | - 0xc759:$x1: ---------------- mercurial grabber ----------------
|
0.2.4Y85lSOUJ0.exe.69226b.1.unpack | JoeSecurity_MercurialGrabber | Yara detected MercurialGrabber | Joe Security | |
5.2.output.exe.300000.0.unpack | JoeSecurity_MercurialGrabber | Yara detected MercurialGrabber | Joe Security | |
5.2.output.exe.300000.0.unpack | MAL_Luna_Stealer_Apr_2021_1 | Detect Luna stealer (also Mercurial Grabber) | Arkbird_SOLG | - 0x79f1:$x1: ---------------- mercurial grabber ----------------
|
0.2.4Y85lSOUJ0.exe.69c870.2.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
0.2.4Y85lSOUJ0.exe.69c870.2.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
0.2.4Y85lSOUJ0.exe.69c870.2.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
0.2.4Y85lSOUJ0.exe.69c870.2.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
2.2.nano.exe.a80000.0.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
2.2.nano.exe.a80000.0.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
2.2.nano.exe.a80000.0.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
2.2.nano.exe.a80000.0.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
2.2.nano.exe.42f2ca5.4.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xb184:$x1: NanoCore.ClientPluginHost
- 0x23d68:$x1: NanoCore.ClientPluginHost
- 0xb1b1:$x2: IClientNetworkHost
- 0x23d95:$x2: IClientNetworkHost
|
2.2.nano.exe.42f2ca5.4.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xb184:$x2: NanoCore.ClientPluginHost
- 0x23d68:$x2: NanoCore.ClientPluginHost
- 0xc25f:$s4: PipeCreated
- 0x24e43:$s4: PipeCreated
- 0xb19e:$s5: IClientLoggingHost
- 0x23d82:$s5: IClientLoggingHost
|
2.2.nano.exe.42f2ca5.4.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
0.2.4Y85lSOUJ0.exe.2de9114.5.unpack | JoeSecurity_MercurialGrabber | Yara detected MercurialGrabber | Joe Security | |
0.0.4Y85lSOUJ0.exe.69226b.2.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1a792:$x1: NanoCore.ClientPluginHost
- 0x1a7cf:$x2: IClientNetworkHost
- 0x1e302:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
0.0.4Y85lSOUJ0.exe.69226b.2.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1a50a:$x1: NanoCore Client.exe
- 0x1a792:$x2: NanoCore.ClientPluginHost
- 0x1bdcb:$s1: PluginCommand
- 0x1bdbf:$s2: FileCommand
- 0x1cc70:$s3: PipeExists
- 0x22a27:$s4: PipeCreated
- 0x1a7bc:$s5: IClientLoggingHost
|
0.0.4Y85lSOUJ0.exe.69226b.2.raw.unpack | JoeSecurity_MercurialGrabber | Yara detected MercurialGrabber | Joe Security | |
0.0.4Y85lSOUJ0.exe.69226b.2.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
0.0.4Y85lSOUJ0.exe.69226b.2.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x1a4fa:$a: NanoCore
- 0x1a50a:$a: NanoCore
- 0x1a73e:$a: NanoCore
- 0x1a752:$a: NanoCore
- 0x1a792:$a: NanoCore
- 0x1a559:$b: ClientPlugin
- 0x1a75b:$b: ClientPlugin
- 0x1a79b:$b: ClientPlugin
- 0x1a680:$c: ProjectData
- 0x1b087:$d: DESCrypto
- 0x22a53:$e: KeepAlive
- 0x20a41:$g: LogClientMessage
- 0x1cc3c:$i: get_Connected
- 0x1b3bd:$j: #=q
- 0x1b3ed:$j: #=q
- 0x1b409:$j: #=q
- 0x1b439:$j: #=q
- 0x1b455:$j: #=q
- 0x1b471:$j: #=q
- 0x1b4a1:$j: #=q
- 0x1b4bd:$j: #=q
|
0.0.4Y85lSOUJ0.exe.69226b.2.raw.unpack | MAL_Luna_Stealer_Apr_2021_1 | Detect Luna stealer (also Mercurial Grabber) | Arkbird_SOLG | - 0x79f1:$x1: ---------------- mercurial grabber ----------------
|
0.2.4Y85lSOUJ0.exe.3de4268.6.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
0.2.4Y85lSOUJ0.exe.3de4268.6.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
0.2.4Y85lSOUJ0.exe.3de4268.6.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
0.2.4Y85lSOUJ0.exe.3de4268.6.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
2.2.nano.exe.32b1744.1.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
|
2.2.nano.exe.32b1744.1.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
|
5.0.output.exe.300000.2.unpack | JoeSecurity_MercurialGrabber | Yara detected MercurialGrabber | Joe Security | |
5.0.output.exe.300000.2.unpack | MAL_Luna_Stealer_Apr_2021_1 | Detect Luna stealer (also Mercurial Grabber) | Arkbird_SOLG | - 0x79f1:$x1: ---------------- mercurial grabber ----------------
|
0.2.4Y85lSOUJ0.exe.69c870.2.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
0.2.4Y85lSOUJ0.exe.69c870.2.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
0.2.4Y85lSOUJ0.exe.69c870.2.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
0.2.4Y85lSOUJ0.exe.69c870.2.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
0.2.4Y85lSOUJ0.exe.3de4268.6.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
0.2.4Y85lSOUJ0.exe.3de4268.6.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
0.2.4Y85lSOUJ0.exe.3de4268.6.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
0.2.4Y85lSOUJ0.exe.3de4268.6.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
2.2.nano.exe.42e9846.2.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe75:$x1: NanoCore.ClientPluginHost
- 0x145e3:$x1: NanoCore.ClientPluginHost
- 0x2d1c7:$x1: NanoCore.ClientPluginHost
- 0xe8f:$x2: IClientNetworkHost
- 0x14610:$x2: IClientNetworkHost
- 0x2d1f4:$x2: IClientNetworkHost
|
2.2.nano.exe.42e9846.2.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe75:$x2: NanoCore.ClientPluginHost
- 0x145e3:$x2: NanoCore.ClientPluginHost
- 0x2d1c7:$x2: NanoCore.ClientPluginHost
- 0x1261:$s3: PipeExists
- 0x1136:$s4: PipeCreated
- 0x156be:$s4: PipeCreated
- 0x2e2a2:$s4: PipeCreated
- 0xeb0:$s5: IClientLoggingHost
- 0x145fd:$s5: IClientLoggingHost
- 0x2d1e1:$s5: IClientLoggingHost
|
2.2.nano.exe.42e9846.2.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
2.2.nano.exe.42e9846.2.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xddf:$a: NanoCore
- 0xe38:$a: NanoCore
- 0xe75:$a: NanoCore
- 0xeee:$a: NanoCore
- 0x14599:$a: NanoCore
- 0x145ae:$a: NanoCore
- 0x145e3:$a: NanoCore
- 0x2d17d:$a: NanoCore
- 0x2d192:$a: NanoCore
- 0x2d1c7:$a: NanoCore
- 0xe41:$b: ClientPlugin
- 0xe7e:$b: ClientPlugin
- 0x177c:$b: ClientPlugin
- 0x1789:$b: ClientPlugin
- 0x14355:$b: ClientPlugin
- 0x14370:$b: ClientPlugin
- 0x143a0:$b: ClientPlugin
- 0x145b7:$b: ClientPlugin
- 0x145ec:$b: ClientPlugin
- 0x2cf39:$b: ClientPlugin
- 0x2cf54:$b: ClientPlugin
|
2.2.nano.exe.5c44629.8.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xb184:$x1: NanoCore.ClientPluginHost
- 0xb1b1:$x2: IClientNetworkHost
|
2.2.nano.exe.5c44629.8.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xb184:$x2: NanoCore.ClientPluginHost
- 0xc25f:$s4: PipeCreated
- 0xb19e:$s5: IClientLoggingHost
|
2.2.nano.exe.5c44629.8.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
2.2.nano.exe.42ee67c.3.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xd9ad:$x1: NanoCore.ClientPluginHost
- 0xd9da:$x2: IClientNetworkHost
|
2.2.nano.exe.42ee67c.3.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xd9ad:$x2: NanoCore.ClientPluginHost
- 0xea88:$s4: PipeCreated
- 0xd9c7:$s5: IClientLoggingHost
|
2.2.nano.exe.42ee67c.3.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
2.0.nano.exe.a80000.3.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
2.0.nano.exe.a80000.3.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
2.0.nano.exe.a80000.3.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
2.0.nano.exe.a80000.3.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
0.0.4Y85lSOUJ0.exe.690000.0.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1abfd:$x1: NanoCore.ClientPluginHost
- 0x1ac3a:$x2: IClientNetworkHost
- 0x1e76d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
0.0.4Y85lSOUJ0.exe.690000.0.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1a975:$x1: NanoCore Client.exe
- 0x1abfd:$x2: NanoCore.ClientPluginHost
- 0x1c236:$s1: PluginCommand
- 0x1c22a:$s2: FileCommand
- 0x1d0db:$s3: PipeExists
- 0x22e92:$s4: PipeCreated
- 0x1ac27:$s5: IClientLoggingHost
|
0.0.4Y85lSOUJ0.exe.690000.0.unpack | JoeSecurity_MercurialGrabber | Yara detected MercurialGrabber | Joe Security | |
0.0.4Y85lSOUJ0.exe.690000.0.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
0.0.4Y85lSOUJ0.exe.690000.0.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x1a965:$a: NanoCore
- 0x1a975:$a: NanoCore
- 0x1aba9:$a: NanoCore
- 0x1abbd:$a: NanoCore
- 0x1abfd:$a: NanoCore
- 0x1a9c4:$b: ClientPlugin
- 0x1abc6:$b: ClientPlugin
- 0x1ac06:$b: ClientPlugin
- 0x1aaeb:$c: ProjectData
- 0x1b4f2:$d: DESCrypto
- 0x22ebe:$e: KeepAlive
- 0x20eac:$g: LogClientMessage
- 0x1d0a7:$i: get_Connected
- 0x1b828:$j: #=q
- 0x1b858:$j: #=q
- 0x1b874:$j: #=q
- 0x1b8a4:$j: #=q
- 0x1b8c0:$j: #=q
- 0x1b8dc:$j: #=q
- 0x1b90c:$j: #=q
- 0x1b928:$j: #=q
|
0.0.4Y85lSOUJ0.exe.690000.0.unpack | MAL_Luna_Stealer_Apr_2021_1 | Detect Luna stealer (also Mercurial Grabber) | Arkbird_SOLG | - 0x7e5c:$x1: ---------------- mercurial grabber ----------------
|
5.0.output.exe.300000.1.unpack | JoeSecurity_MercurialGrabber | Yara detected MercurialGrabber | Joe Security | |
5.0.output.exe.300000.1.unpack | MAL_Luna_Stealer_Apr_2021_1 | Detect Luna stealer (also Mercurial Grabber) | Arkbird_SOLG | - 0x79f1:$x1: ---------------- mercurial grabber ----------------
|
0.0.4Y85lSOUJ0.exe.69c870.1.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0xe38d:$x1: NanoCore.ClientPluginHost
- 0xe3ca:$x2: IClientNetworkHost
- 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
0.0.4Y85lSOUJ0.exe.69c870.1.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xe105:$x1: NanoCore Client.exe
- 0xe38d:$x2: NanoCore.ClientPluginHost
- 0xf9c6:$s1: PluginCommand
- 0xf9ba:$s2: FileCommand
- 0x1086b:$s3: PipeExists
- 0x16622:$s4: PipeCreated
- 0xe3b7:$s5: IClientLoggingHost
|
0.0.4Y85lSOUJ0.exe.69c870.1.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
0.0.4Y85lSOUJ0.exe.69c870.1.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xe0f5:$a: NanoCore
- 0xe105:$a: NanoCore
- 0xe339:$a: NanoCore
- 0xe34d:$a: NanoCore
- 0xe38d:$a: NanoCore
- 0xe154:$b: ClientPlugin
- 0xe356:$b: ClientPlugin
- 0xe396:$b: ClientPlugin
- 0xe27b:$c: ProjectData
- 0xec82:$d: DESCrypto
- 0x1664e:$e: KeepAlive
- 0x1463c:$g: LogClientMessage
- 0x10837:$i: get_Connected
- 0xefb8:$j: #=q
- 0xefe8:$j: #=q
- 0xf004:$j: #=q
- 0xf034:$j: #=q
- 0xf050:$j: #=q
- 0xf06c:$j: #=q
- 0xf09c:$j: #=q
- 0xf0b8:$j: #=q
|
5.0.output.exe.300000.0.unpack | JoeSecurity_MercurialGrabber | Yara detected MercurialGrabber | Joe Security | |
5.0.output.exe.300000.0.unpack | MAL_Luna_Stealer_Apr_2021_1 | Detect Luna stealer (also Mercurial Grabber) | Arkbird_SOLG | - 0x79f1:$x1: ---------------- mercurial grabber ----------------
|
0.2.4Y85lSOUJ0.exe.690000.0.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1abfd:$x1: NanoCore.ClientPluginHost
- 0x1ac3a:$x2: IClientNetworkHost
- 0x1e76d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
0.2.4Y85lSOUJ0.exe.690000.0.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1a975:$x1: NanoCore Client.exe
- 0x1abfd:$x2: NanoCore.ClientPluginHost
- 0x1c236:$s1: PluginCommand
- 0x1c22a:$s2: FileCommand
- 0x1d0db:$s3: PipeExists
- 0x22e92:$s4: PipeCreated
- 0x1ac27:$s5: IClientLoggingHost
|
2.0.nano.exe.a80000.2.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1018d:$x1: NanoCore.ClientPluginHost
- 0x101ca:$x2: IClientNetworkHost
- 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
2.0.nano.exe.a80000.2.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0xff05:$x1: NanoCore Client.exe
- 0x1018d:$x2: NanoCore.ClientPluginHost
- 0x117c6:$s1: PluginCommand
- 0x117ba:$s2: FileCommand
- 0x1266b:$s3: PipeExists
- 0x18422:$s4: PipeCreated
- 0x101b7:$s5: IClientLoggingHost
|
0.2.4Y85lSOUJ0.exe.690000.0.unpack | JoeSecurity_MercurialGrabber | Yara detected MercurialGrabber | Joe Security | |
0.2.4Y85lSOUJ0.exe.690000.0.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
2.0.nano.exe.a80000.2.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
0.2.4Y85lSOUJ0.exe.690000.0.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x1a965:$a: NanoCore
- 0x1a975:$a: NanoCore
- 0x1aba9:$a: NanoCore
- 0x1abbd:$a: NanoCore
- 0x1abfd:$a: NanoCore
- 0x1a9c4:$b: ClientPlugin
- 0x1abc6:$b: ClientPlugin
- 0x1ac06:$b: ClientPlugin
- 0x1aaeb:$c: ProjectData
- 0x1b4f2:$d: DESCrypto
- 0x22ebe:$e: KeepAlive
- 0x20eac:$g: LogClientMessage
- 0x1d0a7:$i: get_Connected
- 0x1b828:$j: #=q
- 0x1b858:$j: #=q
- 0x1b874:$j: #=q
- 0x1b8a4:$j: #=q
- 0x1b8c0:$j: #=q
- 0x1b8dc:$j: #=q
- 0x1b90c:$j: #=q
- 0x1b928:$j: #=q
|
2.0.nano.exe.a80000.2.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0xfef5:$a: NanoCore
- 0xff05:$a: NanoCore
- 0x10139:$a: NanoCore
- 0x1014d:$a: NanoCore
- 0x1018d:$a: NanoCore
- 0xff54:$b: ClientPlugin
- 0x10156:$b: ClientPlugin
- 0x10196:$b: ClientPlugin
- 0x1007b:$c: ProjectData
- 0x10a82:$d: DESCrypto
- 0x1844e:$e: KeepAlive
- 0x1643c:$g: LogClientMessage
- 0x12637:$i: get_Connected
- 0x10db8:$j: #=q
- 0x10de8:$j: #=q
- 0x10e04:$j: #=q
- 0x10e34:$j: #=q
- 0x10e50:$j: #=q
- 0x10e6c:$j: #=q
- 0x10e9c:$j: #=q
- 0x10eb8:$j: #=q
|
0.2.4Y85lSOUJ0.exe.690000.0.unpack | MAL_Luna_Stealer_Apr_2021_1 | Detect Luna stealer (also Mercurial Grabber) | Arkbird_SOLG | - 0xf37:$s1: 73 3B 00 00 0A 0B 07 72 AB 0B 00 70 02 7B 06 00 00 04 28 0E 00 00 0A 6F 3C 00 00 0A 0C 08 6F 3D 00 00 0A 6F 3E 00 00 0A 6F 3F 00 00 0A 0D 09 6F 40 00 00 0A 0A 02 72 DD 0B 00 70 06 28 2E 00 00 ...
- 0x2163:$s2: 72 F6 17 00 70 02 7B 35 00 00 04 28 2E 00 00 06 0A 02 72 08 18 00 70 02 7B 35 00 00 04 28 2E 00 00 06 7D 37 00 00 04 72 0E 18 00 70 02 7B 35 00 00 04 28 2E 00 00 06 0B 02 06 72 2A 18 00 70 07 ...
- 0x2367:$s3: 72 DC 18 00 70 73 7C 00 00 0A 0A 06 6F 7D 00 00 0A 6F 7E 00 00 0A 0C 2B 75 08 6F 7F 00 00 0A 74 53 00 00 01 0B 07 72 24 19 00 70 6F 80 00 00 0A 2C 16 02 07 72 24 19 00 70 6F 80 00 00 0A 6F 1D ...
- 0x7e5c:$x1: ---------------- mercurial grabber ----------------
- 0x80a4:$x2: 5C 00 73 00 2A 00 3A 00 5C 00 73 00 2A 00 28 00 22 00 28 00 3F 00 3A 00 5C 00 5C 00 22 00 7C 00 5B 00 5E 00 22 00 5D 00 29 00 2A 00 3F
- 0x82be:$x3: 5B 00 5C 00 77 00 2D 00 5D 00 7B 00 32 00 34 00 7D 00 5C 00 2E 00 5B 00 5C 00 77 00 2D 00 5D 00 7B 00 36 00 7D 00 5C 00 2E 00 5B 00 5C 00 77 00 2D 00 5D 00 7B 00 32 00 37 00 7D 00 01 1D 6D 00 ...
|
0.2.4Y85lSOUJ0.exe.69226b.1.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | - 0x1a792:$x1: NanoCore.ClientPluginHost
- 0x1a7cf:$x2: IClientNetworkHost
- 0x1e302:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
|
0.2.4Y85lSOUJ0.exe.69226b.1.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | - 0x1a50a:$x1: NanoCore Client.exe
- 0x1a792:$x2: NanoCore.ClientPluginHost
- 0x1bdcb:$s1: PluginCommand
- 0x1bdbf:$s2: FileCommand
- 0x1cc70:$s3: PipeExists
- 0x22a27:$s4: PipeCreated
- 0x1a7bc:$s5: IClientLoggingHost
|
0.2.4Y85lSOUJ0.exe.69226b.1.raw.unpack | JoeSecurity_MercurialGrabber | Yara detected MercurialGrabber | Joe Security | |
0.2.4Y85lSOUJ0.exe.69226b.1.raw.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
0.2.4Y85lSOUJ0.exe.69226b.1.raw.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | - 0x1a4fa:$a: NanoCore
- 0x1a50a:$a: NanoCore
- 0x1a73e:$a: NanoCore
- 0x1a752:$a: NanoCore
- 0x1a792:$a: NanoCore
- 0x1a559:$b: ClientPlugin
- 0x1a75b:$b: ClientPlugin
- 0x1a79b:$b: ClientPlugin
- 0x1a680:$c: ProjectData
- 0x1b087:$d: DESCrypto
- 0x22a53:$e: KeepAlive
- 0x20a41:$g: LogClientMessage
- 0x1cc3c:$i: get_Connected
- 0x1b3bd:$j: #=q
- 0x1b3ed:$j: #=q
- 0x1b409:$j: #=q
- 0x1b439:$j: #=q
- 0x1b455:$j: #=q
- 0x1b471:$j: #=q
- 0x1b4a1:$j: #=q
- 0x1b4bd:$j: #=q
|
0.2.4Y85lSOUJ0.exe.69226b.1.raw.unpack | MAL_Luna_Stealer_Apr_2021_1 | Detect Luna stealer (also Mercurial Grabber) | Arkbird_SOLG | - 0xacc:$s1: 73 3B 00 00 0A 0B 07 72 AB 0B 00 70 02 7B 06 00 00 04 28 0E 00 00 0A 6F 3C 00 00 0A 0C 08 6F 3D 00 00 0A 6F 3E 00 00 0A 6F 3F 00 00 0A 0D 09 6F 40 00 00 0A 0A 02 72 DD 0B 00 70 06 28 2E 00 00 ...
- 0x1cf8:$s2: 72 F6 17 00 70 02 7B 35 00 00 04 28 2E 00 00 06 0A 02 72 08 18 00 70 02 7B 35 00 00 04 28 2E 00 00 06 7D 37 00 00 04 72 0E 18 00 70 02 7B 35 00 00 04 28 2E 00 00 06 0B 02 06 72 2A 18 00 70 07 ...
- 0x1efc:$s3: 72 DC 18 00 70 73 7C 00 00 0A 0A 06 6F 7D 00 00 0A 6F 7E 00 00 0A 0C 2B 75 08 6F 7F 00 00 0A 74 53 00 00 01 0B 07 72 24 19 00 70 6F 80 00 00 0A 2C 16 02 07 72 24 19 00 70 6F 80 00 00 0A 6F 1D ...
- 0x79f1:$x1: ---------------- mercurial grabber ----------------
- 0x7c39:$x2: 5C 00 73 00 2A 00 3A 00 5C 00 73 00 2A 00 28 00 22 00 28 00 3F 00 3A 00 5C 00 5C 00 22 00 7C 00 5B 00 5E 00 22 00 5D 00 29 00 2A 00 3F
- 0x7e53:$x3: 5B 00 5C 00 77 00 2D 00 5D 00 7B 00 32 00 34 00 7D 00 5C 00 2E 00 5B 00 5C 00 77 00 2D 00 5D 00 7B 00 36 00 7D 00 5C 00 2E 00 5B 00 5C 00 77 00 2D 00 5D 00 7B 00 32 00 37 00 7D 00 01 1D 6D 00 ...
|