Submissions
No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc

No: 1
Date: 2023-04-21 18:14
Request: vbc.exe
e8ab54ff681e5009795d0030d626c9b3
AgentTesla, PWS, .NET framework, NPKI, browser, info stealer, Generic Malware, Google, Chrome, User Data, Downloader, Antivirus, Create Service, Socket, DNS, PWS[m], Sniff Audio, Internet API, Escalate priviledges, KeyLogger, AntiDebug, AntiVM, .NET EXE, PE32, PE File, Remcos, VirusTotal, Malware, AutoRuns, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, Creates shortcut, unpack itself, suspicious process, Windows, ComputerName, Cryptographic key, crashed, keylogger
Urls: 1
http://geoplugin.net/json.gp
Hosts: 4
geoplugin.net(178.237.33.50)
top.noforabusers1.xyz(185.225.74.112) - mailcious
178.237.33.50
185.225.74.112
IDS: 1
ET JA3 Hash - Remcos 3.x TLS Connection
Score: 12.4
Zero: M
VT: 51
Player: ZeroCERT

No: 2
Date: 2023-03-29 17:41
Request: vbc.exe
4da41093eb4cce80c18d1e6a2391ba80
UPX, Malicious Library, PE32, PE File, JPEG Format, Browser Info Stealer, Remcos, VirusTotal, Malware, AutoRuns, Check memory, Checks debugger, Creates executable files, unpack itself, AppData folder, Windows, Browser, DNS, keylogger
Hosts: 3
top.not2beabused01.xyz(38.117.65.122) - mailcious
38.117.65.122 - mailcious
45.33.6.223
IDS: 1
ET JA3 Hash - Remcos 3.x TLS Connection
Score: 5.6
Zero: M
VT: 31
Player: ZeroCERT

No: 3
Date: 2023-03-20 10:09
Request: vbc.exe
badfd20331bbd073b8efe745d71b4797
UPX, Malicious Library, Malicious Packer, PE32, PE File, JPEG Format, Remcos, VirusTotal, Malware, AutoRuns, Malicious Traffic, Check memory, Creates executable files, unpack itself, AppData folder, human activity check, Windows, keylogger
Urls: 1
http://geoplugin.net/json.gp
Hosts: 4
geoplugin.net(178.237.33.50)
top.not2beabused01.xyz(38.117.65.122)
178.237.33.50
38.117.65.122
IDS: 1
ET JA3 Hash - Remcos 3.x TLS Connection
Score: 6.6
Zero: M
VT: 49
Player: ZeroCERT

No: 4
Date: 2023-03-20 10:06
Request: vbc.exe
ca8572b2750b75f7b137637093922152
PWS, .NET framework, RAT, UPX, Admin Tool (Sysinternals etc ...), .NET EXE, PE32, PE File, VirusTotal, Malware, AutoRuns, suspicious privilege, Check memory, Checks debugger, unpack itself, Windows utilities, Windows, Cryptographic key, crashed
Score: 6.4
Zero: M
VT: 52
Player: ZeroCERT

No: 5
Date: 2023-03-13 09:49
Request: yam.exe
961c9c4f65267e43e44e13b6bf265f6f
UPX, Malicious Library, PE32, PE File, OS Processor Check, Remcos, VirusTotal, Malware, Malicious Traffic, Check memory, Creates executable files, unpack itself, AppData folder
Urls: 1
http://geoplugin.net/json.gp
Hosts: 4
geoplugin.net(178.237.33.50)
top.noforabusers1.xyz(103.114.163.134)
103.114.163.134
178.237.33.50
IDS: 1
ET JA3 Hash - Remcos 3.x TLS Connection
Score: 4.4
Zero: M
VT: 38
Player: ZeroCERT

No: 6
Date: 2023-02-15 09:43
Request: vbc.exe
419a7ac0d8107fa55469468cccfafab8
RAT, UPX, PE32, .NET EXE, PE File, VirusTotal, Malware, AutoRuns, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, unpack itself, Windows utilities, Check virtual network interfaces, Tofsee, Windows
Urls: 1
https://www.google.com/
Hosts: 2
www.google.com(142.250.206.228)
142.250.207.36
IDS: 1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 6.2
Zero: M
VT: 41
Player: ZeroCERT

Total : 6cnts