2020-06-10
Version history
Submissions
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
46936
2024-08-11 14:23
66ae1dd27873e_file.exe
2967b157eb79a40d8ba4216c3294be82
Generic Malware
Malicious Library
UPX
PE File
PE32
OS Processor Check
VirusTotal
Malware
PDB
unpack itself
crashed
2.6
58
ZeroCERT
46937
2024-08-11 14:23
66ab1b27ae40b_BotClient.exe
d9a30725d248756dd74badb45d1b3171
Generic Malware
Malicious Library
UPX
PE File
PE32
OS Processor Check
Lnk Format
GIF Format
Malware download
VirusTotal
Malware
AutoRuns
Check memory
buffers extracted
Creates shortcut
Creates executable files
RWX flags setting
unpack itself
Windows utilities
suspicious process
AppData folder
WriteConsoleW
Windows
RisePro
ComputerName
DNS
1
77.105.164.24 - mailcious
3
ET MALWARE [ANY.RUN] RisePro TCP (Token)
ET MALWARE RisePro TCP Heartbeat Packet
ET MALWARE [ANY.RUN] RisePro TCP (Activity)
8.6
M
59
ZeroCERT
46938
2024-08-11 14:25
freedom.exe
db5717fd494495eea3c8f7d4ab29d6b0
Malicious Library
Antivirus
UPX
PE File
.NET EXE
PE32
OS Processor Check
VirusTotal
Malware
suspicious privilege
MachineGuid
Check memory
Checks debugger
unpack itself
AntiVM_Disk
VM Disk Size Check
Windows
ComputerName
Cryptographic key
4.0
M
58
ZeroCERT
46939
2024-08-11 14:25
controlrireeeMPDW-constraints....
dcf0d8a05c45980bd5bfc7184ea4c7e4
Generic Malware
Antivirus
Hide_URL
PowerShell
powershell
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
Cryptographic key
1
https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg
2
ia803104.us.archive.org(207.241.232.154) - malware
207.241.232.154 - malware
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
7.2
M
ZeroCERT
46940
2024-08-11 14:27
GGWSUpdate.exe
2b1a769d68dd3486b48e3e5bd2296397
Malicious Library
PE File
.NET EXE
PE32
VirusTotal
Malware
PDB
Check memory
Checks debugger
unpack itself
2.2
M
46
ZeroCERT
46941
2024-08-11 14:28
66b38609432fa_sosusion.exe
0031946b83cbec1b920f827478e68c17
Generic Malware
Malicious Library
VMProtect
UPX
AntiDebug
AntiVM
PE File
PE64
OS Processor Check
.NET EXE
PE32
VirusTotal
Malware
Code Injection
buffers extracted
DNS
1
188.40.137.167
7.2
M
43
ZeroCERT
46942
2024-08-11 14:29
66b211924622f_LummaC2.exe
6796c089b30aa2e34f560a27f7d230f3
UPX
PE File
PE32
VirusTotal
Malware
1.2
M
59
ZeroCERT
46943
2024-08-11 14:30
cred.dll
e4b1979dd4d6f2bf3d6668506ffe80e6
Amadey
Generic Malware
Malicious Library
UPX
PE File
DLL
PE32
OS Processor Check
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Email Client Info Stealer
Malware
Cryptocurrency wallets
Cryptocurrency
Malicious Traffic
Checks debugger
unpack itself
Windows utilities
sandbox evasion
installed browsers check
Windows
Browser
Email
DNS
Software
1
http://80.66.75.214/g8djmsaxA/index.php - rule_id: 41863
1
80.66.75.214 - malware
1
http://80.66.75.214/g8djmsaxA/index.php
7.4
M
60
ZeroCERT
46944
2024-08-11 14:49
tt22.exe
6814dfc0fa3a4df8128768115211e095
Malicious Library
Antivirus
UPX
Anti_VM
PE File
PE64
OS Processor Check
VirusTotal
Malware
1.0
M
34
ZeroCERT
46945
2024-08-11 14:50
ConsoleApp3.exe
eb2e78bbb601facb768bd61a8e38b372
Malicious Packer
PE File
.NET EXE
PE32
VirusTotal
Malware
PDB
Malicious Traffic
Check memory
Checks debugger
unpack itself
Check virtual network interfaces
Tofsee
1
https://tmpfiles.org/dl/10700323/fixclient.bin
2
tmpfiles.org(104.21.21.16) - malware
172.67.195.247 - malware
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
3.0
M
24
ZeroCERT
46946
2024-08-11 14:50
66ae96cb3d23b_crypted.exe
4587aa68e93674b5d4e35fff967b72b0
Generic Malware
Malicious Library
UPX
PE File
PE32
OS Processor Check
PDB
unpack itself
crashed
1.2
M
ZeroCERT
46947
2024-08-11 14:50
66b382f122c02_stk.exe
f2908c73543719738bea99c02fdafe00
Generic Malware
MPRESS
Malicious Library
UPX
PE File
PE32
Lnk Format
GIF Format
OS Processor Check
Malware download
VirusTotal
Malware
AutoRuns
Check memory
buffers extracted
Creates shortcut
Creates executable files
RWX flags setting
unpack itself
Windows utilities
Checks Bios
Detects VirtualBox
Detects VMWare
suspicious process
AppData folder
WriteConsoleW
VMware
anti-virtualization
Windows
RisePro
ComputerName
Firmware
DNS
crashed
1
77.105.164.24 - mailcious
3
ET MALWARE [ANY.RUN] RisePro TCP (Token)
ET MALWARE RisePro TCP Heartbeat Packet
ET MALWARE [ANY.RUN] RisePro TCP (Activity)
13.6
M
43
ZeroCERT
46948
2024-08-11 14:50
evil.exe
9d21096674441d929c18fff44908a0e9
Generic Malware
Malicious Packer
Antivirus
UPX
AntiDebug
AntiVM
PE File
PE64
PowerShell
VirusTotal
Malware
powershell
suspicious privilege
MachineGuid
Code Injection
Malicious Traffic
Check memory
Checks debugger
Creates shortcut
unpack itself
Check virtual network interfaces
suspicious process
Windows
ComputerName
DNS
Cryptographic key
1
http://146.190.72.88:8080/page.php
1
146.190.72.88 - malware
10.0
M
20
ZeroCERT
46949
2024-08-11 14:50
equitosssfridayMPDW-constraint...
a2f647c353cab5136d0b14bdc792ce7d
Generic Malware
Antivirus
Hide_URL
PowerShell
powershell
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
Check virtual network interfaces
suspicious process
WriteConsoleW
Tofsee
Windows
ComputerName
Cryptographic key
1
https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg
2
ia803104.us.archive.org(207.241.232.154) - malware
207.241.232.154 - malware
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
7.2
M
ZeroCERT
46950
2024-08-11 14:51
66b837290469c_vidar.exe#space
dd9a8bbd0b8038552cb57b07a56f0ae2
Stealc
Client SW User Data Stealer
LokiBot
ftp Client
info stealer
Generic Malware
Malicious Library
.NET framework(MSIL)
UPX
Socket
Http API
PWS
HTTP
DNS
Code injection
Internet API
AntiDebug
AntiVM
PE File
.NET EXE
PE32
VirusTotal
Malware
Telegram
PDB
suspicious privilege
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
unpack itself
malicious URLs
Tofsee
DNS
1
https://steamcommunity.com/profiles/76561199751190313 - rule_id: 41879
5
t.me(149.154.167.99) - mailcious
steamcommunity.com(104.74.42.104) - mailcious
149.154.167.99 - mailcious
104.71.154.102
78.46.239.218
3
ET INFO TLS Handshake Failure
ET INFO Observed Telegram Domain (t .me in TLS SNI)
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
1
https://steamcommunity.com/profiles/76561199751190313
9.2
M
12
ZeroCERT
Total : 48,198cnts