No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
1
2022-07-22 17:34
EzArB.exe
833bc61d4955551fee83afc1fb812496
AgentTesla
PWS[m]
backdoor
RemcosRAT
browser
info stealer
Google
Chrome
User Data
Malicious Library
UPX
Malicious Packer
Create Service
DGA
Socket
ScreenShot
DNS
Internet API
Code injection
Hijack Network
Sniff Audio
HTTP
Steal credential
KeyLogger
P2P
Do
Malware download
Remcos
NetWireRC
VirusTotal
Malware
Code Injection
Check memory
Creates executable files
Windows utilities
suspicious process
AppData folder
malicious URLs
WriteConsoleW
Windows
RAT
DNS
DDNS
keylogger
4
windda.ddns.net(10.0.0.4)
6.tcp.ngrok.io(18.189.106.45) - malicious
widda1.ddns.net(10.0.0.4)
3.140.223.7
4
ET POLICY DNS Query to DynDNS Domain *.ddns .net
ET INFO DNS Query to a *.ngrok domain (ngrok.io)
ET MALWARE Remcos RAT Checkin 23
SURICATA Applayer Detect protocol only one direction
9.0
M
60
ZeroCERT
2
2022-06-23 09:20
oNLCS.exe
14d08312310af559531055015fc19c6e
AgentTesla
PWS[m]
backdoor
RemcosRAT
browser
info stealer
Google
Chrome
User Data
Malicious Library
UPX
Malicious Packer
Create Service
DGA
Socket
ScreenShot
DNS
Internet API
Code injection
Hijack Network
Sniff Audio
HTTP
Steal credential
KeyLogger
P2P
Do
Malware download
Remcos
NetWireRC
VirusTotal
Malware
AutoRuns
Code Injection
Check memory
Creates executable files
Windows utilities
Disables Windows Security
suspicious process
AppData folder
malicious URLs
WriteConsoleW
Windows
RAT
DNS
DDNS
keylogger
2
razorr.bounceme.net(212.114.52.146)
212.114.52.146
2
ET MALWARE Remcos RAT Checkin 23
ET POLICY DNS Query to DynDNS Domain *.bounceme .net
9.4
M
55
ZeroCERT
3
2021-08-31 09:38
CHUCK.exe
3343149d1253a8ec05b9afbe8cbedbec
backdoor
RemcosRAT
UPX
Malicious Packer
Malicious Library
PE File
PE32
VirusTotal
Malware
DNS
DDNS
3
tobi12345.hopto.org(91.193.75.202) - malicious
91.193.75.202
91.193.75.168 - malicious
1
ET POLICY DNS Query to DynDNS Domain *.hopto .org
4.0
M
60
ZeroCERT
4
2021-08-31 09:34
MAMA.exe
3e1a8ffa07781e63228dcd1c8ef79738
AgentTesla
backdoor
RemcosRAT
browser
info stealer
Google
Chrome
User Data
UPX
Malicious Packer
Malicious Library
DGA
DNS
Socket
Create Service
Sniff Audio
Escalate priviledges
KeyLogger
Code injection
HTTP
Hijack Network
Internet API
FTP
ScreenShot
Http
VirusTotal
Malware
AutoRuns
Code Injection
Check memory
Creates executable files
Windows utilities
malicious URLs
WriteConsoleW
Windows
DNS
DDNS
2
tobi12345.hopto.org(91.193.75.202) - malicious
91.193.75.202
1
ET POLICY DNS Query to DynDNS Domain *.hopto .org
7.4
M
59
ZeroCERT
5
2021-08-31 09:32
CHUCKS.exe
d80188f36c0be5335622ab0a92b0e4c5
AgentTesla
backdoor
RemcosRAT
browser
info stealer
Google
Chrome
User Data
UPX
Malicious Packer
Malicious Library
DGA
DNS
Socket
Create Service
Sniff Audio
Escalate priviledges
KeyLogger
Code injection
HTTP
Hijack Network
Internet API
FTP
ScreenShot
Http
VirusTotal
Malware
AutoRuns
Code Injection
Check memory
Creates executable files
Windows utilities
malicious URLs
WriteConsoleW
Windows
DNS
DDNS
2
tobi12345.hopto.org(91.193.75.202) - malicious
91.193.75.202
1
ET POLICY DNS Query to DynDNS Domain *.hopto .org
8.0
M
58
ZeroCERT
6
2021-08-31 09:30
WIN32D.exe
78759a928bb2b4939dc057b6634f2aaf
AgentTesla
backdoor
RemcosRAT
browser
info stealer
Google
Chrome
User Data
UPX
Malicious Packer
Malicious Library
DGA
DNS
Socket
Create Service
Sniff Audio
Escalate priviledges
KeyLogger
Code injection
HTTP
Hijack Network
Internet API
FTP
ScreenShot
Http
VirusTotal
Malware
AutoRuns
Code Injection
Check memory
Creates executable files
Windows utilities
malicious URLs
WriteConsoleW
Windows
DNS
DDNS
2
tobi12345.hopto.org(91.193.75.202) - malicious
91.193.75.202
1
ET POLICY DNS Query to DynDNS Domain *.hopto .org
8.0
M
59
ZeroCERT
7
2021-08-19 10:29
RAR.exe
f1ce5c3870e9206af22fcf1d156d55ac
AgentTesla
backdoor
RemcosRAT
browser
info stealer
Google
Chrome
User Data
UPX
Malicious Library
Malicious Packer
DGA
DNS
Socket
Create Service
Sniff Audio
Escalate priviledges
KeyLogger
Code injection
HTTP
Hijack Network
Internet API
FTP
ScreenShot
Http
VirusTotal
Malware
AutoRuns
Code Injection
Check memory
Creates executable files
Windows utilities
malicious URLs
WriteConsoleW
Windows
DNS
DDNS
2
tobi12345.hopto.org(18.118.55.110)
18.118.55.110
1
ET POLICY DNS Query to DynDNS Domain *.hopto .org
7.4
M
59
ZeroCERT
8
2021-08-19 10:23
win32c.exe
de9d4c9c1009d24b1fb38205a5277beb
AgentTesla
backdoor
RemcosRAT
browser
info stealer
Google
Chrome
User Data
UPX
Malicious Library
Malicious Packer
DGA
DNS
Socket
Create Service
Sniff Audio
Escalate priviledges
KeyLogger
Code injection
HTTP
Hijack Network
Internet API
FTP
ScreenShot
Http
VirusTotal
Malware
AutoRuns
Code Injection
Check memory
Creates executable files
Windows utilities
malicious URLs
WriteConsoleW
Windows
DNS
DDNS
keylogger
2
tobi12345.hopto.org(18.118.55.110)
18.118.55.110
1
ET POLICY DNS Query to DynDNS Domain *.hopto .org
9.0
M
60
ZeroCERT
9
2021-08-19 10:14
ECHEZONA.exe
da05ccf8157f5567b50545e58635f96e
AgentTesla
backdoor
RemcosRAT
browser
info stealer
Google
Chrome
User Data
UPX
Malicious Library
Malicious Packer
DGA
DNS
Socket
Create Service
Sniff Audio
Escalate priviledges
KeyLogger
Code injection
HTTP
Hijack Network
Internet API
FTP
ScreenShot
Http
VirusTotal
Malware
AutoRuns
Code Injection
Check memory
Creates executable files
Windows utilities
malicious URLs
WriteConsoleW
Windows
DNS
DDNS
2
echox12.ddns.net(18.118.135.36)
18.118.135.36
1
ET POLICY DNS Query to DynDNS Domain *.ddns .net
7.4
M
59
ZeroCERT
10
2021-08-19 09:41
CHARLES.exe
e1ed5d36eee3e84e65577c3b139004c6
AgentTesla
backdoor
RemcosRAT
browser
info stealer
Google
Chrome
User Data
UPX
Malicious Library
Malicious Packer
DGA
DNS
Socket
Create Service
Sniff Audio
Escalate priviledges
KeyLogger
Code injection
HTTP
Hijack Network
Internet API
FTP
ScreenShot
Http
VirusTotal
Malware
AutoRuns
Code Injection
Check memory
Creates executable files
Windows utilities
malicious URLs
WriteConsoleW
Windows
DNS
DDNS
2
echox12.ddns.net(18.118.135.36)
18.118.135.36
1
ET POLICY DNS Query to DynDNS Domain *.ddns .net
8.0
M
60
ZeroCERT
11
2021-08-05 17:53
chrome.exe
51c906d4303e37f0cf8e137720bff0b2
AgentTesla
backdoor
RemcosRAT
browser
info stealer
Google
Chrome
User Data
UPX
Malicious Packer
Malicious Library
DGA
DNS
Socket
Create Service
Sniff Audio
Escalate priviledges
KeyLogger
Code injection
HTTP
Hijack Network
Internet API
FTP
ScreenShot
Http
Malware download
Remcos
NetWireRC
VirusTotal
Malware
AutoRuns
Code Injection
Check memory
Creates executable files
Windows utilities
malicious URLs
WriteConsoleW
Windows
RAT
keylogger
2
kohjguj.ydns.eu(203.159.80.108)
203.159.80.108
1
ET MALWARE Remcos RAT Checkin 23
7.6
M
59
ZeroCERT
12
2021-07-13 17:59
rem.exe
04694be6bf4a97114fda8dec4f9b8f42
AgentTesla
backdoor
RemcosRAT
browser
info stealer
Google
Chrome
User Data
DGA
DNS
Socket
Create Service
Sniff Audio
HTTP
Escalate priviledges
KeyLogger
FTP
Hijack Network
Code injection
Http API
Internet API
Steal credential
ScreenShot
Downloader
P2P
per
VirusTotal
Malware
AutoRuns
Code Injection
Check memory
Creates executable files
Windows utilities
malicious URLs
WriteConsoleW
Windows
2
dpqw-avira.bot.nu(37.0.11.114)
37.0.11.114 - malware
7.6
58
ZeroCERT
Total : 12cnts