Submissions

No Date Request Urls Hosts IDS Rule Score Zero VT Player Etc

2476 2024-07-05 14:54 sostener.vbs
c45cccf34e0483bbb46f55d04ccb781b
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware VBScript powershell suspicious privilege Malicious Traffic Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process Tofsee Windows ComputerName DNS Cryptographic key Dropper
3 3 2 10.0 M 7 ZeroCERT

2477 2024-07-05 11:13 software.exe
1ed6f9d578e14edad0bf47edf1f6269f
Vidar Client SW User Data Stealer LokiBot RedLine stealer ftp Client info stealer Malicious Library .NET framework(MSIL) UPX ASPack Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 OS Processor Check FTP Client Info Stealer VirusTotal Malware Telegram PDB suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs sandbox evasion WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software
3 5 3 1 16.4 32 ZeroCERT

2478 2024-07-05 11:09 Balanza.exe
91256800ace9fbe4fe2158ec132fc01e
UPX PE File PE32 MZP Format VirusTotal Malware Check memory
1.4 M 6 ZeroCERT

2479 2024-07-05 11:08 KuwaitSetupHockey.exe
7f69b1fa6c0a0fe8252b40794adc49c6
Emotet Generic Malware Malicious Library UPX Admin Tool (Sysinternals etc ...) Malicious Packer PE File PE32 MZP Format OS Processor Check Lnk Format GIF Format ftp DLL PE64 Buffer PE Check memory Checks debugger buffers extracted Creates shortcut Creates executable files ICMP traffic unpack itself AppData folder AntiVM_Disk VM Disk Size Check ComputerName DNS crashed
1 9 2 9.8 M ZeroCERT

2480 2024-07-05 11:07 BestChange.exe
22aea1c65376a239fcead8d4e0ff00e3
Malicious Library .NET framework(MSIL) UPX PE File .NET EXE PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName
1.6 M 2 ZeroCERT

2481 2024-07-04 17:29 UpdaterP.exe
40094e123c89625468665c8c196c2ffd
UPX PE File PE32 VirusTotal Malware unpack itself DNS
1 4.8 M 62 r0d

2482 2024-07-04 17:14 UtilityP.exe
771b79f619f789921ac9d720d16323ed
Malicious Library PE File PE64 VirusTotal Malware RWX flags setting unpack itself ComputerName DNS
1 5.2 56 ZeroCERT

2483 2024-07-04 17:12 5555.exe
99b1f5901c396f5d019f933eb80f6b09
Malicious Packer UPX PE File PE32 VirusTotal Malware unpack itself DNS
1 2.6 M 64 ZeroCERT

2484 2024-07-04 17:10 a.exe
2d54d9c5710c8a2d09111644b8c6f76c
Generic Malware Malicious Packer PE File PE64 VirusTotal Malware Code Injection unpack itself
2.6 M 37 ZeroCERT

2485 2024-07-04 17:08 Explore.vbs
9b5731dd0f4fe8d82ce62e1ef83ebc8c
Generic Malware Antivirus Hide_URL PowerShell VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Tofsee Windows ComputerName DNS Cryptographic key
1 2 9.0 30 ZeroCERT

2486 2024-07-04 17:08 DeathRansom_1.exe
a35596ed0bfb34de4e512a3225f8300a
Generic Malware PE File PE32 VirusTotal Malware Check memory unpack itself Ransom Message Ransomware ComputerName crashed
5.0 M 66 ZeroCERT

2487 2024-07-04 17:06 LauncherR.exe
1b0f8cd0a0f9788b131ccf3f2a6d6d9b
Malicious Library PE File PE64 VirusTotal Malware RWX flags setting unpack itself ComputerName DNS
1 5.2 M 59 ZeroCERT

2488 2024-07-04 17:06 33per_.php.vbs
4c25e40bd05ca1c4c16ebeebb0133685
Generic Malware Antivirus Javascript_Blob OS Processor Check Check memory unpack itself WriteConsoleW Windows Cryptographic key
1.0 ZeroCERT

2489 2024-07-04 17:04 33per.php.vbs
24fca6b85f37a8b4e0322e9a459a6251
Generic Malware Antivirus Javascript_Blob OS Processor Check Check memory unpack itself WriteConsoleW Windows Cryptographic key
1.0 ZeroCERT

2490 2024-07-04 17:04 TrialP.exe
1b56ac299e10b84c9d04416ed1b309a2
MPRESS PE File PE32 VirusTotal Malware unpack itself DNS
1 4.2 M 57 ZeroCERT