- #nanocore #rat observations of some item tagged on Hybrid Analysis
- 12/11/2017
- sha256 320413b6d549da963b0d551bbf91427f20b234390b91f5faf2497d29dd0ae8c3
- https://www.reverse.it/sample/320413b6d549da963b0d551bbf91427f20b234390b91f5faf2497d29dd0ae8c3?environmentId=100
- contains strings with "NanoCore" in it
- Uses unusual port ( 185.162.124.221 on port 4110 )
- process hierarchy
- (exe ->
- --> cmd.exe -> reg.exe
- --> tmp.exe
- --> svhost.exe -> schtasks.exe
- --> cmd.exe -> timeout.exe, tasklist.exe, find.exe, winlogon.exe
- )
- same metadata
- CompanyName : www.SamLab.ws
- ProductName : SAM DeCoDeR Pack 2015 Best
- 12/8/2017
- sha256 5fa71c4a86e210b85850463ee326890ce74f297282ff1f74abeb35a0254fcdd9
- https://www.reverse.it/sample/5fa71c4a86e210b85850463ee326890ce74f297282ff1f74abeb35a0254fcdd9?environmentId=100
- does not contain strings with "NanoCore" in it
- Uses unusual port ( 185.162.124.221 on port 4110 )
- process hierarchy
- (exe ->
- --> cmd.exe -> reg.exe
- --> tmp.exe -> cmd.exe -> reg.exe, tmp.exe
- --> svhost.exe -> schtasks.exe
- --> svhost.exe -> cmd.exe -> reg.exe, tmp.exe
- --> cmd.exe -> timeout.exe, tasklist.exe, find.exe, winlogon.exe
- )
- same metadata
- CompanyName : www.SamLab.ws
- ProductName : SAM DeCoDeR Pack 2015 Best
- 12/4/2017
- sha256 73a84b11c0e7140c846bb5316974037d1f6cb9574ca0d48c8919bd1e024c0073
- https://www.reverse.it/sample/73a84b11c0e7140c846bb5316974037d1f6cb9574ca0d48c8919bd1e024c0073?environmentId=100
- contains strings with "NanoCore" in it
- Uses unusual port ( 5.34.183.64 on port 1921 )
- process hierarchy
- (exe ->
- --> cmd.exe -> reg.exe
- --> tmp.exe
- --> svhost.exe -> schtasks.exe
- --> cmd.exe -> timeout.exe, tasklist.exe, find.exe, winlogon.exe
- )
- same metadata
- CompanyName : www.SamLab.ws
- ProductName : SAM DeCoDeR Pack 2015 Best
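
An added example, not part of the original paste: a Python check that flags a process whose direct children include tmp.exe and svhost.exe and whose subtree contains every parent -> child pair listed in all three hierarchies above. The event fields (pid, ppid, image), the function names and the sample events are assumptions constructed for illustration.

```python
import ntpath
from collections import defaultdict

# Parent -> child image pairs that appear in all three hierarchies listed above.
SHARED_EDGES = {
    ("cmd.exe", "reg.exe"), ("svhost.exe", "schtasks.exe"),
    ("cmd.exe", "timeout.exe"), ("cmd.exe", "tasklist.exe"),
    ("cmd.exe", "find.exe"), ("cmd.exe", "winlogon.exe"),
}
DROPPED = {"tmp.exe", "svhost.exe"}  # direct children of the sample in every report

def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return ntpath.basename(path).lower()

def find_matching_roots(events):
    """Return pids whose children include DROPPED and whose subtree has all SHARED_EDGES."""
    image = {e["pid"]: image_name(e["image"]) for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e["pid"])

    def subtree_edges(pid):
        edges, stack = set(), [pid]
        while stack:  # iterative walk over all descendants
            cur = stack.pop()
            for kid in children[cur]:
                edges.add((image[cur], image[kid]))
                stack.append(kid)
        return edges

    hits = []
    for pid in image:
        kids = {image[k] for k in children[pid]}
        if DROPPED <= kids and SHARED_EDGES <= subtree_edges(pid):
            hits.append(pid)
    return sorted(hits)

# Constructed events (pid, ppid, image) shaped like the 12/11/2017 hierarchy,
# plus an unrelated cmd.exe (200) that only shares the common admin tools.
_ROWS = [
    (100, 1, r"C:\constructed\sample.exe"), (101, 100, r"C:\Windows\System32\cmd.exe"),
    (102, 101, r"C:\Windows\System32\reg.exe"), (103, 100, r"C:\constructed\tmp.exe"),
    (104, 100, r"C:\constructed\svhost.exe"), (105, 104, r"C:\Windows\System32\schtasks.exe"),
    (106, 100, r"C:\Windows\System32\cmd.exe"), (107, 106, r"C:\Windows\System32\timeout.exe"),
    (108, 106, r"C:\Windows\System32\tasklist.exe"), (109, 106, r"C:\Windows\System32\find.exe"),
    (110, 106, r"C:\constructed\winlogon.exe"), (200, 1, r"C:\Windows\System32\cmd.exe"),
    (201, 200, r"C:\Windows\System32\reg.exe"), (202, 200, r"C:\Windows\System32\tasklist.exe"),
]
SAMPLE_EVENTS = [dict(pid=p, ppid=pp, image=i) for p, pp, i in _ROWS]

if __name__ == "__main__":
    print(find_matching_roots(SAMPLE_EVENTS))
```

Matching on the full set of pairs rather than any single one keeps ordinary cmd.exe -> reg.exe or tasklist.exe activity from triggering on its own.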