No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
1
2024-03-13 07:51
bin.exe
d09a6cfe8d762be3b2511a013806b78b
UPX
.NET framework(MSIL)
PE32
PE File
.NET EXE
OS Processor Check
Check memory
Checks debugger
unpack itself
Check virtual network interfaces
Tofsee
Anonymous
DNS
2
qu.ax(192.159.99.12) - malicious
194.107.126.18
3
ET INFO Anonymous File Sharing Domain in DNS Lookup (qu .ax)
ET INFO Observed Anonymous File Sharing Service Domain (qu .ax) in TLS SNI
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
1.2
M
ZeroCERT
2
2023-09-20 15:39
bypass.ps1.exe
6efe15382531ae994f2f220046421b1d
PE File
PE64
.NET EXE
VirusTotal
Malware
MachineGuid
Check memory
Checks debugger
unpack itself
2.2
48
ZeroCERT
3
2023-01-26 10:51
deliver2.exe
96a0822a132f93f3ee12b8a85284516a
RAT
PWS
Loki[b]
Loki.m
PE File
PE64
VirusTotal
Malware
MachineGuid
Check memory
Checks debugger
unpack itself
2.0
M
37
ZeroCERT
4
2022-12-07 15:47
newversion5.exe
355ce92ce35c97a86c144d175d83a3a3
RAT
PWS
Loki[b]
Loki.m
Generic Malware
UPX
Antivirus
PE File
PE64
VirusTotal
Malware
powershell
suspicious privilege
MachineGuid
Malicious Traffic
Check memory
Checks debugger
buffers extracted
Creates shortcut
unpack itself
powershell.exe wrote
Check virtual network interfaces
suspicious process
WriteConsoleW
Windows
ComputerName
DNS
Cryptographic key
1
http://85.209.134.86/Qyoapb.bmp
1
85.209.134.86 - malware
1
ET HUNTING Suspicious Terse Request for .bmp
7.8
M
28
ZeroCERT
5
2022-12-06 10:54
newversion2.exe
7e2f00faa3d8e240e551878f8176a48e
RAT
PWS
Loki[b]
Loki.m
UPX
PE File
PE64
VirusTotal
Malware
Malicious Traffic
Check memory
Checks debugger
buffers extracted
unpack itself
Check virtual network interfaces
DNS
1
http://85.209.134.86/Wvwufehen.png
1
85.209.134.86 -
3.8
25
ZeroCERT
Total : 5cnts