Submissions
No
Date
Request
Urls
Hosts
IDS
Rule
Score
Zero
VT
Player
Etc
6616
2021-03-29 18:27
win32.exe
39291411ed14b0827245c81d2800ceeb
Azorult
.NET framework
VirusTotal
Malware
suspicious privilege
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Windows
DNS
Cryptographic key
8.4
17
ZeroCERT
6617
2021-03-29 18:29
ss.exe
92068f4e5a7e704caf1fad1665121757
Antivirus
VirusTotal
Malware
powershell
suspicious privilege
MachineGuid
Check memory
Checks debugger
Creates shortcut
Creates executable files
unpack itself
Windows utilities
powershell.exe wrote
suspicious process
WriteConsoleW
Windows
ComputerName
DNS
Cryptographic key
8.6
M
30
ZeroCERT
6618
2021-03-30 07:42
g38ufhf.zip
bd4f52581f43477b31a387ed0b6a5684
Dridex
TrickBot
VirusTotal
Malware
PDB
MachineGuid
Malicious Traffic
Checks debugger
unpack itself
Collect installed applications
installed browsers check
Kovter
Browser
ComputerName
DNS
crashed
1
210.65.244.176 - mailcious
1
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
5.6
M
13
ZeroCERT
6619
2021-03-30 07:43
mvmt2vvq.rar
4965ee15608d57ec31b181c3abd39aec
Dridex
TrickBot
VirusTotal
Malware
PDB
MachineGuid
Malicious Traffic
Checks debugger
unpack itself
Collect installed applications
installed browsers check
Kovter
Browser
ComputerName
DNS
crashed
1
210.65.244.176 - mailcious
1
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
5.6
M
11
ZeroCERT
6620
2021-03-30 07:55
test.exe
d2be9aab83d330520dbd61c621ffede3
Azorult
.NET framework
AsyncRAT
backdoor
Dridex
TrickBot
VirusTotal
Malware
Kovter
DNS
2
2.tcp.ngrok.io(3.22.53.161) - mailcious
13.59.15.185
2
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
ET POLICY DNS Query to a *.ngrok domain (ngrok.io)
0.8
27
ZeroCERT
6621
2021-03-30 07:58
PNe5J9o1XCKpHYk.exe
40be18ff344e38f80cec056f5bd97f21
Azorult
.NET framework
VirusTotal
Malware
Buffer PE
suspicious privilege
MachineGuid
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Windows utilities
suspicious process
WriteConsoleW
human activity check
Windows
ComputerName
DNS
Cryptographic key
2
13.59.15.185
194.5.98.250 - mailcious
13.0
18
ZeroCERT
6622
2021-03-30 09:05
nassssss.exe
65f02385fcf4d6ee88ece964c6ed5968
VirusTotal
Malware
Buffer PE
suspicious privilege
MachineGuid
Code Injection
Check memory
Checks debugger
buffers extracted
unpack itself
Windows utilities
suspicious process
WriteConsoleW
human activity check
Windows
ComputerName
DNS
DDNS
2
nassiru1144.ddns.net()
194.5.98.250 - mailcious
1
ET POLICY DNS Query to DynDNS Domain *.ddns .net
15.0
M
25
ZeroCERT
6623
2021-03-30 09:05
ClubHouseDesktop.exe
e7a524ad322494918ae561ac14d3445d
Azorult
.NET framework
AsyncRAT
backdoor
Browser Info Stealer
FTP Client Info Stealer
VirusTotal
Malware
Cryptocurrency wallets
Cryptocurrency
suspicious privilege
Code Injection
Malicious Traffic
Check memory
Checks debugger
buffers extracted
unpack itself
Collect installed applications
Check virtual network interfaces
installed browsers check
Tofsee
Ransomware
Windows
Browser
ComputerName
DNS
Cryptographic key
Software
crashed
2
http://dereioria.xyz/
https://api.ip.sb/geoip
4
dereioria.xyz(94.140.115.92)
api.ip.sb(172.67.75.172)
172.67.75.172
94.140.115.92
1
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
14.0
10
ZeroCERT
6624
2021-03-30 09:07
ig2764.tar
ecaab545b342711455efe23a8384a221
Dridex
TrickBot
VirusTotal
Malware
PDB
MachineGuid
Malicious Traffic
Checks debugger
unpack itself
Collect installed applications
installed browsers check
Kovter
Browser
ComputerName
DNS
crashed
1
https://210.65.244.176/ - rule_id: 598
1
210.65.244.176 - mailcious
1
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
1
https://210.65.244.176/
5.6
M
14
ZeroCERT
6625
2021-03-30 09:15
rt3ret3.exe
efa4b2e7d7016a1f80efff5840de3a18
VirusTotal
Malware
ComputerName
crashed
1.0
14
ZeroCERT
6626
2021-03-30 09:17
t37dwfat.zip
f13e6e958f4764b269daa240a747c845
Dridex
TrickBot
VirusTotal
Malware
PDB
MachineGuid
Malicious Traffic
Checks debugger
unpack itself
Collect installed applications
installed browsers check
Kovter
Browser
ComputerName
DNS
crashed
1
https://210.65.244.176/ - rule_id: 598
1
210.65.244.176 - mailcious
1
ET JA3 Hash - Possible Malware - Various Trickbot/Kovter/Dridex
1
https://210.65.244.176/
5.4
M
5
ZeroCERT
6627
2021-03-30 09:17
1ZqMrk8mQUi4QyOyQcdBLzaB7JjNNJ...
865aae1544aa8063d4e140429010629e
VirusTotal
Malware
unpack itself
1.4
11
ZeroCERT
6628
2021-03-30 09:19
17CWye4uGNii_wt9wLwTCNPL4Vc_9x...
9a9f06b6a9e35f710b040c23db6336f3
VirusTotal
Malware
unpack itself
1.4
11
ZeroCERT
6629
2021-03-30 09:21
1U7BvIdACPCYa33aYRwgjh4ygq8niH...
6427bca6617804a2d53c77f931cc355a
VirusTotal
Malware
unpack itself
1.4
10
ZeroCERT
6630
2021-03-30 09:22
ret83d.exe
6db26c9db14987acb16fa21fbc499525
VirusTotal
Malware
AutoRuns
Code Injection
Check memory
Creates executable files
ICMP traffic
Windows utilities
sandbox evasion
Windows
ComputerName
DNS
1
8.8.7.7
6.0
7
ZeroCERT
Total : 48,289cnts