Submissions
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
49141
2024-10-24 11:00
build.exe
26ab43d45d842d638fa8001df1c9fb6b
RedLine Infostealer
RedLine stealer
RedlineStealer
Malicious Library
.NET framework(MSIL)
UPX
PE File
.NET EXE
PE32
OS Processor Check
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
Check virtual network interfaces
Windows
DNS
Cryptographic key
DDNS
1
bestmetrys.zapto.org(20.0.1.56)
1
ET POLICY DNS Query to DynDNS Domain *.zapto .org
3.0
63
ZeroCERT
49142
2024-10-24 11:00
marsel.exe
7b00870520af8ffe5a031a618a3ef0de
RedLine stealer
RedlineStealer
Malicious Library
.NET framework(MSIL)
UPX
PE File
.NET EXE
PE32
OS Processor Check
VirusTotal
Malware
Check memory
Checks debugger
unpack itself
Windows
DNS
Cryptographic key
1
194.87.248.37
3.8
65
ZeroCERT
49143
2024-10-24 11:03
HEXABOT%20-GAMBL%C4%B0NGV2.0.e...
af93d5a246b37ce552356e6b61c9aec9
Emotet
Gen1
Generic Malware
Malicious Library
UPX
Antivirus
Hide_URL
PE File
PE64
CAB
PowerShell
VirusTotal
Malware
powershell
AutoRuns
PDB
suspicious privilege
MachineGuid
Check memory
Checks debugger
Creates shortcut
Creates executable files
unpack itself
powershell.exe wrote
Check virtual network interfaces
suspicious process
Windows
ComputerName
Remote Code Execution
Cryptographic key
2
https://bitbucket.org/hgdfhdfgd/test/downloads/new_image2.jpg?14461721
https://bitbucket.org/hgdfhdfgd/test/downloads/new_image.jpg?14441723
1
bitbucket.org(104.192.140.24) - malware
7.8
45
ZeroCERT
49144
2024-10-24 11:03
focustaskpro.exe
eb98253c7af23770d78d9e3e765d183d
Emotet
Gen1
Malicious Library
UPX
.NET framework(MSIL)
PE File
PE64
CAB
.NET EXE
PE32
OS Processor Check
VirusTotal
Malware
Buffer PE
AutoRuns
PDB
Check memory
Checks debugger
buffers extracted
Creates executable files
unpack itself
AppData folder
Windows
ComputerName
Remote Code Execution
5.4
41
ZeroCERT
49145
2024-10-24 11:05
get.php
4548851d7e7973d57dbc4cf37b11e40e
Generic Malware
UPX
PE File
.NET EXE
PE32
VirusTotal
Malware
WriteConsoleW
DNS
1
5.tcp.eu.ngrok.io(3.67.161.133)
1
ET INFO DNS Query to a *.ngrok domain (ngrok.io)
1.4
65
ZeroCERT
49146
2024-10-24 11:05
sameconcentrate.exe
e59f8c9c1aff8910a4936a24fb18fe61
Malicious Library
UPX
PE File
PE64
OS Processor Check
VirusTotal
Malware
Buffer PE
MachineGuid
Check memory
Checks debugger
buffers extracted
unpack itself
3.6
48
ZeroCERT
49147
2024-10-24 11:07
evil.hta
bbef4076e21551ff83395d537239ab87
PE File
VirusTotal
Malware
Check memory
Creates executable files
RWX flags setting
unpack itself
2.4
32
ZeroCERT
49148
2024-10-24 11:07
get.php
4336581e9f9024a927e63607e28c5afe
njRAT
backdoor
Generic Malware
PE File
PE32
MZP Format
.NET EXE
VirusTotal
Malware
Check memory
Checks debugger
Creates executable files
unpack itself
AppData folder
WriteConsoleW
5.0
66
ZeroCERT
49149
2024-10-24 11:09
get.php
3bf56419a0181ba623f53e58648848fd
njRAT
backdoor
Generic Malware
PE File
.NET EXE
PE32
VirusTotal
Malware
Checks debugger
unpack itself
WriteConsoleW
DNS
1
6.tcp.eu.ngrok.io(3.69.115.178) - mailcious
1
ET INFO DNS Query to a *.ngrok domain (ngrok.io)
2.4
65
ZeroCERT
49150
2024-10-24 11:09
V2.exe
1ddc055a8a01bd308f8241446643d642
njRAT
backdoor
PhysicalDrive
Generic Malware
PE File
.NET EXE
PE32
VirusTotal
Malware
suspicious privilege
Check memory
Checks debugger
Creates executable files
unpack itself
suspicious process
AppData folder
Windows
DNS
1
away-displays.gl.at.ply.gg(147.185.221.20)
2
ET INFO playit .gg Tunneling Domain in DNS Lookup
ET INFO Tunneling Service in DNS Lookup (* .ply .gg)
5.6
61
ZeroCERT
49151
2024-10-24 11:11
pump.exe
2d3353b602f987a974e014f891499e6f
Emotet
Gen1
Generic Malware
Malicious Library
UPX
Antivirus
PE File
PE64
CAB
VirusTotal
Malware
powershell
AutoRuns
PDB
suspicious privilege
MachineGuid
Check memory
Checks debugger
Creates shortcut
Creates executable files
unpack itself
suspicious process
Windows
ComputerName
Remote Code Execution
Cryptographic key
6.0
16
ZeroCERT
49152
2024-10-24 11:13
losscommunicationpro.exe
42bcf60a8c6cf654ceb015d9047218ef
Emotet
Gen1
Malicious Library
UPX
.NET framework(MSIL)
PE File
PE64
CAB
.NET EXE
PE32
OS Processor Check
VirusTotal
Malware
Buffer PE
AutoRuns
PDB
Check memory
Checks debugger
buffers extracted
Creates executable files
unpack itself
AppData folder
Windows
ComputerName
Remote Code Execution
5.4
40
ZeroCERT
49153
2024-10-24 11:14
seniorcommunicatepro.exe
ea95f1f57bf140891fe0401b8d34990d
Emotet
Gen1
Malicious Library
UPX
PE File
PE64
CAB
OS Processor Check
VirusTotal
Malware
Buffer PE
AutoRuns
PDB
Check memory
Checks debugger
buffers extracted
Creates executable files
unpack itself
Windows
Remote Code Execution
5.4
47
ZeroCERT
49154
2024-10-24 11:14
seethebestthingsformygirlshegr...
fe8fc9b6f9e8aa88dd3c80ebe9c4f872
Generic Malware
Antivirus
AntiDebug
AntiVM
PowerShell
PE File
DLL
PE32
.NET DLL
VirusTotal
Malware
powershell
suspicious privilege
MachineGuid
Code Injection
Check memory
Checks debugger
Creates shortcut
Creates executable files
RWX flags setting
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
AppData folder
Windows
ComputerName
DNS
Cryptographic key
1
http://192.3.220.40/666/newthingsforeveryonetogetforgreatthingstobe.tIF
1
192.3.220.40 - mailcious
11.8
25
ZeroCERT
49155
2024-10-24 11:15
systemprog.vbs
90ec71dfb2e6911ea8d304c6fd353882
Generic Malware
Antivirus
Hide_URL
PowerShell
VirusTotal
Malware
powershell
suspicious privilege
Check memory
Checks debugger
Creates shortcut
unpack itself
Windows utilities
suspicious process
WriteConsoleW
Windows
ComputerName
Cryptographic key
3
http://ftp.desckvbrat.com.br/Upcrypter/01/DLL01.txt
https://drive.google.com/uc?export=download&id=1NaqdNXiGvI_q1RPkazFtMygmaqTJXu42
https://drive.google.com/uc?export=download&id=1g1jmXusX9mc9VmhVrJJ2XofZ3aK_cLOt
10.0
13
ZeroCERT
Total : 49,283cnts