Dr.Zero sandbox - Submissions

Columns: No | Date | Request (file name, MD5, behaviour tags) | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
Search filters on this listing: hash (md5, sha256), Signature, PE API, Tag or IDS, Icon, user nickname, date range (First seen / Last seen).

15061 | 2023-03-08 09:27 | KgOsSXS0qerKyPTC.zip | MD5 a1cee8e9a84548cb2bb043f9c0b99eb3
  Tags: (none)
  Player: guest

15062 | 2023-03-08 08:03 | diyige.exe | MD5 64c467cadb010b645ad1a04bb9ae000b
  Tags: UPX, Malicious Library, Malicious Packer, Anti_VM, PE32, PE File, VirusTotal, Malware, Check memory, Checks debugger, unpack itself, Browser, DNS, crashed
  Hosts (2): 103.151.5.71, 104.233.151.40
  Score: 4.2 | Zero: M | VT: 43 | Player: ZeroCERT

15063 | 2023-03-08 08:01 | kizzd.exe | MD5 6bb3828d5bd61e4b73581121630c82e3
  Tags: UPX, Malicious Library, Malicious Packer, Anti_VM, PE32, PE File, VirusTotal, Malware, Check memory, Checks debugger, unpack itself, suspicious TLD, sandbox evasion, Browser, DNS, crashed
  Hosts (3): www.5161658.top(103.151.5.71), 154.91.230.44, 103.151.5.71
  IDS (1): ET DNS Query to a *.top domain - Likely Hostile
  Score: 5.8 | Zero: M | VT: 36 | Player: ZeroCERT

15064 | 2023-03-08 07:59 | 358.exe | MD5 34517f9ebbfdc93ea5590bdff48b8c0b
  Tags: UPX, Malicious Library, Malicious Packer, Anti_VM, PE32, PE File, VirusTotal, Malware, Check memory, Checks debugger, buffers extracted, RWX flags setting, unpack itself, AntiVM_Disk, sandbox evasion, VM Disk Size Check, Browser, DNS, crashed
  Hosts (1): 43.154.61.211
  Score: 6.4 | Zero: M | VT: 42 | Player: ZeroCERT

15065 | 2023-03-08 07:59 | zckop.exe | MD5 8ed2a04ece93bee35023ce41afccae0b
  Tags: UPX, Malicious Library, Malicious Packer, Anti_VM, PE32, PE File, VirusTotal, Malware, Check memory, Checks debugger, unpack itself, sandbox evasion, Browser, DNS, crashed
  Hosts (1): 154.91.230.44
  Score: 5.0 | Zero: M | VT: 38 | Player: ZeroCERT

15066 | 2023-03-08 07:46 | zmp2.exe | MD5 212c5beb7e726a395316402bc999a534
  Tags: UPX, Malicious Library, Malicious Packer, Anti_VM, PE32, PE File, VirusTotal, Malware, Checks debugger, unpack itself, DNS, crashed
  Hosts (1): 103.127.83.43 - mailcious
  Score: 4.2 | Zero: M | VT: 29 | Player: ZeroCERT

15067 | 2023-03-07 18:07 | ChatGPT.scr | MD5 a0b3955d2406cf5b66628ea21bb1a41a
  Tags: RedLine stealer[m], UPX, Malicious Library, AntiDebug, AntiVM, OS Processor Check, PE32, PE File, Buffer PE, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Windows, DNS, Cryptographic key
  Hosts (1): 142.132.186.212 - mailcious
  Score: 8.0 | Player: ZeroCERT

15068 | 2023-03-07 17:32 | Setup.scr | MD5 fe78071bcd7b5fd9105734aaa485f816
  Tags: RedLine stealer[m], UPX, Malicious Library, AntiDebug, AntiVM, OS Processor Check, PE32, PE File, Buffer PE, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Windows, DNS, Cryptographic key
  Hosts (1): 142.132.186.212 - mailcious
  Score: 8.6 | Player: ZeroCERT

15069 | 2023-03-07 17:28 | Injection.scr | MD5 4e32c1ae7807c0a82e3b68b6791345fc
  Tags: RedLine stealer[m], UPX, Malicious Library, AntiDebug, AntiVM, OS Processor Check, PE32, PE File, Buffer PE, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Windows, DNS, Cryptographic key
  Hosts (1): 142.132.186.212 - mailcious
  Score: 8.0 | Player: ZeroCERT

15070 | 2023-03-07 17:04 | Invoice-1449260.pdf | MD5 adfc880ef5985ca36a7c9b7477a5b899
  Tags: PDF Suspicious Link, PDF, unpack itself, Windows utilities, Windows
  Score: 1.4 | Player: ZeroCERT

15071 | 2023-03-07 16:46 | Qqmgu.exe | MD5 d51b795d07157787fcbd5a19a70f1a01
  Tags: .NET EXE, PE32, PE File, VirusTotal, Malware, suspicious privilege, Check memory, Checks debugger, unpack itself, Windows, ComputerName, Cryptographic key, crashed
  Score: 3.0 | Zero: M | VT: 26 | Player: ZeroCERT

15072 | 2023-03-07 16:46 | EKL.exe | MD5 21eee575b2425a16123e5eccb8d280c6
  Tags: AgentTesla, PWS[m], browser, info stealer, Google, Chrome, User Data, Downloader, Create Service, Socket, DNS, Internet API, Sniff Audio, KeyLogger, Escalate priviledges, AntiDebug, AntiVM, .NET EXE, PE32, PE File, Remcos, VirusTotal, Malware, AutoRuns, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, Creates executable files, unpack itself, suspicious process, Windows, DNS, keylogger
  Urls (1): http://geoplugin.net/json.gp
  Hosts (5): geoplugin.net(178.237.33.50), craigjonson1.gotdns.ch(194.180.49.19) - mailcious, 178.237.33.50, 194.180.49.19 - mailcious, 23.111.184.154
  IDS (2): ET INFO DYNAMIC_DNS Query to a *.gotdns .ch Domain; ET JA3 Hash - Remcos 3.x TLS Connection
  Score: 13.6 | Zero: M | VT: 49 | Player: ZeroCERT

15073 | 2023-03-07 16:43 | cronometro.exe | MD5 c936447056679be7cfbdb7273a1d98c8
  Tags: RAT, UPX, Admin Tool (Sysinternals etc ...), .NET EXE, PE32, PE File, VirusTotal, Malware, PDB, Malicious Traffic, Check memory, Checks debugger, unpack itself, Check virtual network interfaces, Windows, ComputerName
  Urls (2): http://144.217.6.71/cronometro/versao.txt; http://vps-480be556.vps.ovh.ca/cronometro/logger.php?machine=TEST22-PC
  Hosts (2): vps-480be556.vps.ovh.ca(144.217.6.71), 144.217.6.71 - malware
  Score: 5.4 | Zero: M | VT: 24 | Player: ZeroCERT

15074 | 2023-03-07 16:41 | gr8t.exe | MD5 4d5347cd6edbad9c467080f19bb542b3
  Tags: PWS, .NET framework, RAT, UPX, OS Processor Check, .NET EXE, PE32, PE File, VirusTotal, Malware, PDB, Malicious Traffic, Check memory, Checks debugger, unpack itself, Check virtual network interfaces, Tofsee, Windows
  Urls (1): http://vulcano-group.com/west/Ndiovdhtftx.dat
  Hosts (2): vulcano-group.com(23.111.184.154), 23.111.184.154
  IDS (1): SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 3.8 | VT: 2 | Player: ZeroCERT

15075 | 2023-03-07 16:41 | espI.exe | MD5 db1128cf32902770d5b0075772bfc0b9
  Tags: RAT, UPX, Malicious Library, Malicious Packer, OS Processor Check, .NET EXE, PE32, PE File, VirusTotal, Malware, MachineGuid, Check memory, Checks debugger, unpack itself, AntiVM_Disk, VM Disk Size Check, ComputerName
  Score: 2.8 | Zero: M | VT: 40 | Player: ZeroCERT
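The Hosts, Urls and IDS cells above mix three notations (a bare IP, `domain(ip)`, and either form followed by ` - <flag>`), and the same infrastructure recurs across rows (103.151.5.71 in 15062 and 15063, 23.111.184.154 in 15072 and 15074). The following Python is an added example, not code from the Dr.Zero / ZeroCERT site: it parses those cells into deduplicated IOCs per submission and pivots on indicators shared between submissions. The sample records are hand-copied from the rows above; the `Host` record layout, the field names of the returned dictionary, and the mapping of the site's `mailcious` flag onto `malicious` are assumptions of the example.

```python
"""Added example, not code from the Dr.Zero / ZeroCERT site: turn the Hosts,
Urls and IDS cells of the submissions listing into structured IOCs and find
network indicators shared across submissions.  The records below are copied
by hand from the listing rows; nothing is fetched from the network."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
MD5 = re.compile(r"^[0-9a-f]{32}$")
# The listing spells its host flag "mailcious"; treating it as "malicious"
# is an assumption of this example, not something the site documents.
FLAG_ALIASES = {"mailcious": "malicious", "malicious": "malicious", "malware": "malware"}

# Constructed from rows 15062, 15063, 15072, 15073 and 15074 of the listing.
SAMPLE_ENTRIES = [
    {"no": 15062, "file": "diyige.exe", "md5": "64c467cadb010b645ad1a04bb9ae000b",
     "hosts": ["103.151.5.71", "104.233.151.40"], "urls": [], "ids": []},
    {"no": 15063, "file": "kizzd.exe", "md5": "6bb3828d5bd61e4b73581121630c82e3",
     "hosts": ["www.5161658.top(103.151.5.71)", "154.91.230.44", "103.151.5.71"],
     "urls": [], "ids": ["ET DNS Query to a *.top domain - Likely Hostile"]},
    {"no": 15072, "file": "EKL.exe", "md5": "21eee575b2425a16123e5eccb8d280c6",
     "hosts": ["geoplugin.net(178.237.33.50)",
               "craigjonson1.gotdns.ch(194.180.49.19) - mailcious",
               "178.237.33.50", "194.180.49.19 - mailcious", "23.111.184.154"],
     "urls": ["http://geoplugin.net/json.gp"],
     "ids": ["ET INFO DYNAMIC_DNS Query to a *.gotdns .ch Domain",
             "ET JA3 Hash - Remcos 3.x TLS Connection"]},
    {"no": 15073, "file": "cronometro.exe", "md5": "c936447056679be7cfbdb7273a1d98c8",
     "hosts": ["vps-480be556.vps.ovh.ca(144.217.6.71)", "144.217.6.71 - malware"],
     "urls": ["http://144.217.6.71/cronometro/versao.txt",
              "http://vps-480be556.vps.ovh.ca/cronometro/logger.php?machine=TEST22-PC"],
     "ids": []},
    {"no": 15074, "file": "gr8t.exe", "md5": "4d5347cd6edbad9c467080f19bb542b3",
     "hosts": ["vulcano-group.com(23.111.184.154)", "23.111.184.154"],
     "urls": ["http://vulcano-group.com/west/Ndiovdhtftx.dat"],
     "ids": ["SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)"]},
]


@dataclass(frozen=True)
class Host:
    name: Optional[str]   # hostname, or None for a bare IP cell
    ip: Optional[str]     # resolved IP from "domain(ip)", or the bare IP
    flag: Optional[str]   # normalised site flag ("malicious"/"malware") or None


def parse_host(cell: str) -> Host:
    """Parse 'ip', 'domain(ip)', and either form followed by ' - <flag>'."""
    text, flag = cell.strip(), None
    if " - " in text:
        text, raw_flag = text.rsplit(" - ", 1)
        raw_flag = raw_flag.strip().lower()
        flag = FLAG_ALIASES.get(raw_flag, raw_flag)
    text = text.strip()
    m = re.fullmatch(r"([^()\s]+)\(([^()]+)\)", text)
    if m:
        return Host(name=m.group(1), ip=m.group(2), flag=flag)
    if IPV4.match(text):
        return Host(name=None, ip=text, flag=flag)
    return Host(name=text, ip=None, flag=flag)


def extract_iocs(entry: dict) -> dict:
    """Collect deduplicated hash, domain, IP, URL and flag IOCs for one row."""
    md5 = entry["md5"].lower()
    if not MD5.match(md5):
        raise ValueError(f"bad md5 in entry {entry['no']}: {entry['md5']}")
    domains, ips, flagged = set(), set(), set()
    for cell in entry.get("hosts", []):
        h = parse_host(cell)
        if h.name:
            domains.add(h.name.lower())
        if h.ip:
            ips.add(h.ip)
        if h.flag:
            flagged.add((h.name or h.ip, h.flag))
    urls = set(entry.get("urls", []))
    for u in urls:                      # URL hosts are IOCs too, IP or domain
        host = urlparse(u).hostname
        if host:
            (ips if IPV4.match(host) else domains).add(host.lower())
    return {"no": entry["no"], "md5": md5, "domains": sorted(domains),
            "ips": sorted(ips), "urls": sorted(urls), "flagged": sorted(flagged),
            "ids": list(entry.get("ids", []))}


def shared_infrastructure(entries) -> dict:
    """Map each domain/IP seen in more than one submission to those submission numbers."""
    seen = defaultdict(set)
    for e in entries:
        iocs = extract_iocs(e)
        for indicator in iocs["domains"] + iocs["ips"]:
            seen[indicator].add(iocs["no"])
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    for e in SAMPLE_ENTRIES:
        print(extract_iocs(e))
    print("shared:", shared_infrastructure(SAMPLE_ENTRIES))
```

Run as-is, it reports 103.151.5.71 (rows 15062 and 15063) and 23.111.184.154 (rows 15072 and 15074) as shared infrastructure; the IDS strings are kept verbatim so they can be matched against the Emerging Threats rule names in a Suricata rule set.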
Pagination: pages 1001-1010 shown | Total: 49,696 entries