6d365f79...9487 | Yara
VTI SCORE: 100/100
Target: win7_64_sp1 | windows_script_file
Classification: Trojan, Dropper

6d365f7901cd47dd0f1169c656d2e442ffabbc3197f0a6d056aee9471e9d9487 (SHA256)

Scan92933944.js

JScript

Created at 2018-05-23 13:36:00

YARA Information

Applied On: Sample Files, Created Files, Modified Files, PCAP File, Process Dumps
Number of YARA matches: 2

| Ruleset Name | Rule Name | Rule Description | File Type | Filename | Classification | Severity | Actions |
|---|---|---|---|---|---|---|---|
| RATs | RAT_Nanocore | Detected IOCs of backdoor Adzok | Process Dump | \Users\5P5NRG~1\AppData\Local\Temp\hSbFTsTClaogdEEotf.exe | - | 5/5 | |
| RATs | RAT_NanoCore | Detected IOCs of backdoor Adzok | Process Dump | \Users\5P5NRG~1\AppData\Local\Temp\hSbFTsTClaogdEEotf.exe | - | 5/5 | |