Submissions
Columns: No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc

No: 1
Date: 2022-08-03 10:31
Request: vbc.exe
MD5: ee71c964ff63d2d1316667f79656e01a
Tags: RAT, Generic Malware, Antivirus, PE32, .NET EXE, PE File, VirusTotal, Malware, powershell, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, buffers extracted, WMI, Creates shortcut, unpack itself, powershell.exe wrote, Check virtual network interfaces, suspicious process, AppData folder, Windows, ComputerName, DNS, Cryptographic key
Urls (1):
  http://20.48.118.182/66.bmp
Hosts (1):
  20.48.118.182
IDS (1):
  ET HUNTING Suspicious Terse Request for .bmp
Score: 7.8
Zero: M
VT: 19
Player: ZeroCERT

No: 2
Date: 2022-06-25 14:47
Request: Favour.exe
MD5: 6021e8882e14bf7f99e246db58e72d0f
Tags: RAT, PWS, .NET framework, PE32, .NET EXE, PE File, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, AutoRuns, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, buffers extracted, WMI, unpack itself, Check virtual network interfaces, suspicious process, WriteConsoleW, Tofsee, Windows, Browser, Email, ComputerName, DNS, Cryptographic key, Software, crashed
Urls (1):
  http://172.245.26.174/razi_Yciohtjb.jpg
Hosts (3):
  us2.smtp.mailhostbox.com(208.91.199.224)
  208.91.198.143
  172.245.26.174
IDS (2):
  SURICATA Applayer Detect protocol only one direction
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 11.0
VT: 33
Player: ZeroCERT

No: 3
Date: 2022-06-24 09:50
Request: kubar.exe
MD5: 2fc87b78d28e559052c680fe891796ef
Tags: RAT, PE32, .NET EXE, PE File, VirusTotal, Malware
Score: 1.6
VT: 41
Player: ZeroCERT

No: 4
Date: 2022-06-24 09:46
Request: Xpnwpn.exe
MD5: bc3f15241f7b63ed094e5454d1f3e8b9
Tags: RAT, PE32, .NET EXE, PE File, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, Buffer PE, AutoRuns, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, buffers extracted, WMI, ICMP traffic, unpack itself, Check virtual network interfaces, suspicious process, WriteConsoleW, Tofsee, Windows, Browser, Email, ComputerName, DNS, Cryptographic key, Software, crashed
Urls (1):
  http://172.245.26.174/Afsjkfstm_Nqikoyek.bmp
Hosts (5):
  us2.smtp.mailhostbox.com(208.91.198.143)
  stackoverflow.com(151.101.65.69)
  151.101.129.69
  208.91.199.225
  172.245.26.174
IDS (3):
  ET HUNTING Suspicious Terse Request for .bmp
  SURICATA Applayer Detect protocol only one direction
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 12.2
VT: 29
Player: ZeroCERT

No: 5
Date: 2022-05-20 13:51
Request: noo.exe
MD5: 24ec18a30815496490d2054419b1980b
Tags: RAT, PE32, .NET EXE, PE File, VirusTotal, Malware, Malicious Traffic, Check memory, Checks debugger, unpack itself, Check virtual network interfaces, ComputerName
Urls (1):
  http://example.com/Nzzgmmjy_Shkxumyu.bmp
Hosts (2):
  example.com(93.184.216.34)
  93.184.216.34
IDS (1):
  ET HUNTING Suspicious Terse Request for .bmp
Score: 3.8
VT: 40
Player: ZeroCERT

Total : 5cnts