Submissions
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
22846
2022-12-20 16:23
https://www.visible.com/accoun...
aa5a7c858535b9e0d36cfe3e66077f24
PWS[m]
Downloader
Create Service
DGA
Socket
ScreenShot
DNS
Internet API
Code injection
Hijack Network
Sniff Audio
HTTP
Steal credential
KeyLogger
P2P
Escalate priviledges
persistence
FTP
Http API
AntiDebug
AntiVM
PNG Format
MSOffice File
JPEG Format
VirusTotal
Malware
Code Injection
RWX flags setting
exploit crash
unpack itself
Windows utilities
malicious URLs
Tofsee
Windows
Exploit
DNS
crashed
2
www.visible.com(35.190.57.191)
35.190.57.191
2
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
4.6
guest
22847
2022-12-20 14:37
neojik.exe
bc857ecb5e0ad328a5dac42119f9209a
Malicious Library
UPX
PE32
PE File
OS Processor Check
Malware download
AveMaria
NetWireRC
VirusTotal
Malware
AutoRuns
MachineGuid
Check memory
Creates executable files
unpack itself
AppData folder
Windows
RAT
ComputerName
DNS
DDNS
keylogger
2
dezember22.duckdns.org(212.86.115.220)
212.86.115.220 -
3
ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
ET MALWARE Ave Maria/Warzone RAT Encrypted CnC Checkin (Inbound)
ET MALWARE Ave Maria/Warzone RAT Encrypted CnC Checkin
5.2
M
14
ZeroCERT
22848
2022-12-20 14:34
wopngduxgf.exe
dc017def056e0c20105a4d767541a580
PWS[m]
RAT
email
stealer
Downloader
UPX
DNS
Code injection
KeyLogger
Escalate priviledges
persistence
AntiDebug
AntiVM
PE32
.NET EXE
PE File
VirusTotal
Malware
AutoRuns
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Windows
8.2
M
38
ZeroCERT
22849
2022-12-20 14:33
ladia.exe
f5399e9a1250cd605e255fdad3403457
Malicious Library
UPX
PE32
OS Processor Check
PE File
PDB
unpack itself
RCE
1.2
ZeroCERT
22850
2022-12-20 14:32
j.jpg.ps1
97817d0d04e4a937009187a101a1962d
Generic Malware
Antivirus
VirusTotal
Malware
Check memory
unpack itself
WriteConsoleW
Windows
Cryptographic key
1.6
10
ZeroCERT
22851
2022-12-20 14:06
alakim.exe
aabb09c3690d466afdfbbaeb791a8bc8
Malicious Library
UPX
PE32
PE File
FormBook
Malware download
VirusTotal
Malware
suspicious privilege
Malicious Traffic
Check memory
Creates executable files
unpack itself
1
http://www.hijrahfwd.com/8rmt/?GVoxs=aO6o73ml0LOUhLgaY0qggU8a8dAyqmwgtzDB+vBDlWO/5GdJLRYMNvwevV6n/QAmN+rOPz0V&5jr=UlSp
4
www.247repairs.info()
www.rio727casino.com()
www.hijrahfwd.com(2.57.90.16)
2.57.90.16 - mailcious
1
ET MALWARE FormBook CnC Checkin (GET)
3.8
M
27
ZeroCERT
22852
2022-12-20 14:05
j.txt.ps1
60c0ade87802947a04c5d63b63e2ca28
PWS[m]
Gen2
email
stealer
Generic Malware
Downloader
Malicious Library
UPX
Malicious Packer
Antivirus
Socket
DNS
Code injection
KeyLogger
Escalate priviledges
persistence
AntiDebug
AntiVM
OS Processor Check
DLL
PE File
PE64
PE32
Malware download
AveMaria
NetWireRC
VirusTotal
Malware
powershell
Buffer PE
AutoRuns
suspicious privilege
MachineGuid
Code Injection
Malicious Traffic
Check memory
buffers extracted
WMI
Creates executable files
ICMP traffic
unpack itself
Windows utilities
powershell.exe wrote
Check virtual network interfaces
AppData folder
malicious URLs
WriteConsoleW
Firewall state off
human activity check
Windows
RAT
ComputerName
Cryptographic key
1
http://rqiscogroup.me/j/j.jpg
8
microsoft.com(20.112.52.29)
google.com(142.250.207.110)
rqiscogroup.me(107.174.71.176) - mailcious
jayurbf.gleeze.com(185.216.71.245) - mailcious
185.216.71.245 - mailcious
107.174.71.176 - mailcious
20.112.52.29
172.217.175.238 - mailcious
1
ET MALWARE Warzone RAT Response (Inbound)
17.6
M
12
ZeroCERT
22853
2022-12-20 14:04
Amadey_.exe
f2d6b29a92a7f81177de29db386d02ad
Malicious Library
UPX
PE32
OS Processor Check
PE File
VirusTotal
Malware
PDB
unpack itself
1.6
M
37
ZeroCERT
22854
2022-12-20 14:03
system.exe
32ecbfcd1b769c857657f0455bfae8de
njRAT
backdoor
Generic Malware
PE32
.NET EXE
PE File
VirusTotal
Malware
WriteConsoleW
DNS
1
211.213.183.65
3.0
M
64
ZeroCERT
22855
2022-12-20 14:01
filename.exe
097eef5cb5a16841d3c92e4731ecd479
Malicious Library
UPX
PE32
OS Processor Check
PE File
VirusTotal
Malware
PDB
unpack itself
2.0
51
ZeroCERT
22856
2022-12-20 14:01
SafeInCloud.db
892ffb2c6c880302b4c0e5226a4546c9
guest
22857
2022-12-20 14:00
SafeInCloud.db
892ffb2c6c880302b4c0e5226a4546c9
guest
22858
2022-12-20 13:49
SafeInCloud.db
892ffb2c6c880302b4c0e5226a4546c9
AgentTesla
PWS[m]
browser
info stealer
Generic Malware
Google
Chrome
User Data
Downloader
Create Service
DGA
Socket
ScreenShot
DNS
BitCoin
Internet API
Code injection
Sniff Audio
HTTP
Steal credential
KeyLogger
P2P
Escalate priviledges
persistence
FTP
Htt
Browser Info Stealer
Code Injection
Checks debugger
exploit crash
unpack itself
malicious URLs
installed browsers check
Exploit
Browser
crashed
4.8
guest
22859
2022-12-20 11:54
bebra.exe
d54e7bf49911210420c73b5f116a82a7
Generic Malware
Malicious Library
PE File
PE64
VirusTotal
Malware
crashed
1.6
27
ZeroCERT
22860
2022-12-20 11:50
Clip1.exe
08e7e0da767d6c6a629627caad9f9a78
Malicious Library
PE File
PE64
VirusTotal
Malware
1.2
M
16
ZeroCERT
Total : 53,953cnts