Submissions

Column key: No, Date, Request (submitted file name), MD5, the sandbox signature tags, then the numeric columns Urls, Hosts, IDS, Rule, Score, VT. The export runs the Urls/Hosts/IDS/Rule counts together without their column positions, so they are reproduced here in listed order rather than assigned to a column. Score is the sandbox score; VT is the VirusTotal detection count and is present only for samples that carry the VirusTotal tag. ZeroCERT is the trailing label on every record.

9346  2021-06-25 09:45  inCFxdZ2eOW7KAW.exe
  MD5: 709e4bfe015ece74ba2f90752f1c1164
  Signatures: AsyncRAT backdoor PWS .NET framework Generic Malware Malicious Packer AntiDebug AntiVM PE File .NET EXE PE32 Malware download AsyncRAT Dridex NetWireRC TrickBot VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted Creates executable files unpack itself Windows utilities suspicious process AppData folder malicious URLs WriteConsoleW Kovter Windows ComputerName DNS Cryptographic key
  Urls/Hosts/IDS/Rule: 1 2 | Score: 12.2 | VT: 38 | ZeroCERT

9347  2021-06-25 09:46  svchost.exe
  MD5: f920c7f79470219208d2363f8d7fc248
  Signatures: AsyncRAT backdoor Generic Malware PE File .NET EXE PE32 VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee DNS
  Urls/Hosts/IDS/Rule: 1 2 1 | Score: 4.0 | VT: 43 | ZeroCERT

9348  2021-06-25 09:47  BtcBot.exe
  MD5: 731b194a2f9b8be5f2dcaa63c41f999d
  Signatures: AsyncRAT backdoor BitCoin Generic Malware AntiDebug AntiVM PE File .NET EXE OS Processor Check PE32 VirusTotal Malware Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces Windows DNS Cryptographic key
  Urls/Hosts/IDS/Rule: 2 | Score: 9.0 | VT: 42 | ZeroCERT

9349  2021-06-25 09:48  mysql.exe
  MD5: 04c71f94367c495e5e9d7ed91fdeb190
  Signatures: AntiDebug AntiVM PE File PE32 VirusTotal Malware AutoRuns Code Injection Check memory unpack itself Windows utilities suspicious process AppData folder Windows DNS
  Urls/Hosts/IDS/Rule: 1 | Score: 7.0 | VT: 49 | ZeroCERT

9350  2021-06-25 09:53  Zeus_online_21060801.exe
  MD5: 6fbc0679860048dd6641e4230e0d4656
  Signatures: PE File OS Processor Check PE32 VirusTotal Malware PDB Check memory Checks debugger unpack itself Remote Code Execution DNS
  Urls/Hosts/IDS/Rule: 1 | Score: 3.0 | VT: 29 | ZeroCERT

9351  2021-06-25 09:54  microsoft.exe
  MD5: cca3d19cf671c5c867ec29f296f78a93
  Signatures: PWS .NET framework Generic Malware Malicious Packer SMTP KeyLogger AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS crashed
  Urls/Hosts/IDS/Rule: 1 | Score: 10.4 | VT: 29 | ZeroCERT

9352  2021-06-25 09:54  still.exe
  MD5: 4c41a028726fd85aa025d60c22bf451a
  Signatures: AsyncRAT backdoor PWS .NET framework BitCoin Generic Malware AntiDebug AntiVM PE File .NET EXE OS Processor Check PE32 Browser Info Stealer VirusTotal Malware suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted unpack itself Collect installed applications Check virtual network interfaces installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key crashed
  Urls/Hosts/IDS/Rule: 3 3 3 1 | Score: 11.2 | VT: 47 | ZeroCERT

9353  2021-06-25 09:55  setup.exe
  MD5: 3f802f6b95addbe6d310b730bc6ff899
  Signatures: Emotet PE File OS Processor Check PE32 DLL VirusTotal Malware AutoRuns Check memory Creates executable files unpack itself suspicious process Windows Remote Code Execution DNS
  Urls/Hosts/IDS/Rule: - | Score: 4.8 | VT: 35 | ZeroCERT

9354  2021-06-25 09:58  CausticMucous.exe
  MD5: d070d331925d901996e19fda9f21a44b
  Signatures: Generic Malware VMProtect PE File PE32 Browser Info Stealer VirusTotal Malware Malicious Traffic buffers extracted Creates shortcut RWX flags setting unpack itself sandbox evasion Browser ComputerName
  Urls/Hosts/IDS/Rule: 2 2 | Score: 7.2 | VT: 44 | ZeroCERT

9355  2021-06-25 10:02  getfile.php
  MD5: a468360f0f1955c341486915e522e4c0
  Signatures: UPX DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug AntiVM PE File PE64 DLL VirusTotal Malware AutoRuns Code Injection Check memory Checks debugger Creates executable files ICMP traffic unpack itself Windows utilities suspicious process sandbox evasion Windows ComputerName DNS crashed
  Urls/Hosts/IDS/Rule: 2 | Score: 8.4 | VT: 46 | ZeroCERT

9356  2021-06-25 10:10  009382983.exe
  MD5: 25e015a1bed162cf1cb2e6de9dd76191
  Signatures: AsyncRAT backdoor PWS .NET framework Generic Malware Malicious Library AntiDebug AntiVM PE File .NET EXE PE32 suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Windows DNS Cryptographic key
  Urls/Hosts/IDS/Rule: - | Score: 7.6 | VT: - | ZeroCERT

9357  2021-06-25 10:11  svc.exe
  MD5: 2499ec02ac63ee4844cead87766225db
  Signatures: PE File OS Processor Check PE32 PDB unpack itself Windows crashed
  Urls/Hosts/IDS/Rule: - | Score: 2.2 | VT: - | ZeroCERT

9358  2021-06-25 10:11  moonitor-setup.exe
  MD5: 9f105a70f86071d39afad31c14c6c9c2
  Signatures: AsyncRAT backdoor NPKI Generic Malware Malicious Library DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Hijack Network Code injection Http API Internet API Steal credential ScreenShot Downloader P2P persistence AntiDebug Browser Info Stealer FTP Client Info Stealer VirusTotal Malware Buffer PE AutoRuns suspicious privilege Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Windows utilities Collect installed applications Check virtual network interfaces suspicious process AppData folder malicious URLs AntiVM_Disk WriteConsoleW VM Disk Size Check installed browsers check Tofsee Windows Browser ComputerName DNS Cryptographic key Software crashed
  Urls/Hosts/IDS/Rule: 2 4 2 | Score: 17.2 | VT: 58 | ZeroCERT

9359  2021-06-25 10:12  shell.exe
  MD5: 86a00b5a12665ccc4345b1540268579a
  Signatures: PE File PE32 VirusTotal Malware unpack itself DNS
  Urls/Hosts/IDS/Rule: 1 | Score: 4.0 | VT: 61 | ZeroCERT

9360  2021-06-25 10:12  Chromatic.exe
  MD5: efd0a1f6c70a1d26cbb5cf4d2bcc9222
  Signatures: PWS Loki[b] Loki[m] Generic Malware DGA DNS Socket Create Service Sniff Audio HTTP Escalate priviledges KeyLogger FTP Code injection Http API Internet API Steal credential ScreenShot Downloader P2P AntiDebug AntiVM PE File .NET EXE PE32 VirusTotal Malware Code Injection Check memory Checks debugger unpack itself Windows utilities WriteConsoleW Windows
  Urls/Hosts/IDS/Rule: - | Score: 4.0 | VT: 41 | ZeroCERT
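A listing like this is only useful once it is machine-readable, so here is an added example (my own code, not part of the ZeroCERT site or its export tooling) that parses the raw flattened export layout (header line, MD5, tag line, numeric columns) into records, pulls the score and VirusTotal count out of the run-together number line, and raises a few triage flags: family labels found in the tags, submitted names that imitate legitimate Windows binaries, and rows where the VirusTotal tag and the VT count disagree. The sample records are three entries copied from the listing above; the family list and the look-alike name set are my own assumptions, not something the sandbox defines.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: three records copied verbatim from the flattened
# submission listing, in the raw "header / MD5 / tags / counts" layout.
SAMPLE_LISTING = """\
9347 2021-06-25 09:46 svchost.exe

f920c7f79470219208d2363f8d7fc248


AsyncRAT backdoor Generic Malware PE File .NET EXE PE32 VirusTotal Malware MachineGuid Malicious Traffic Check memory Checks debugger unpack itself Check virtual network interfaces Tofsee DNS
1 2 1 4.0 43 ZeroCERT

9353 2021-06-25 09:55 setup.exe

3f802f6b95addbe6d310b730bc6ff899


Emotet PE File OS Processor Check PE32 DLL VirusTotal Malware AutoRuns Check memory Creates executable files unpack itself suspicious process Windows Remote Code Execution DNS
4.8 35 ZeroCERT

9357 2021-06-25 10:11 svc.exe

2499ec02ac63ee4844cead87766225db


PE File OS Processor Check PE32 PDB unpack itself Windows crashed
2.2 ZeroCERT
"""

HEADER_RE = re.compile(r"^(\d+) (\d{4}-\d\d-\d\d \d\d:\d\d) (\S+)$")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")
SCORE_RE = re.compile(r"^\d+\.\d+$")

# Family labels that occur in the listing's signature tags (my own selection).
FAMILIES = ("AsyncRAT", "Emotet", "Dridex", "TrickBot", "NetWireRC", "Kovter", "Tofsee", "Loki")
# Submitted names that imitate legitimate Windows/service binaries (assumption: my own list).
LOOKALIKE_NAMES = {"svchost.exe", "svc.exe", "microsoft.exe", "mysql.exe"}


@dataclass
class Submission:
    no: int
    date: str
    filename: str
    md5: str
    tagline: str        # signature tags kept as one string: many tags are multi-word
    counts: list        # Urls/Hosts/IDS/Rule values in listed order; the export does not say which is which
    score: float        # sandbox score
    vt: Optional[int]   # VirusTotal detection count, None when the sample was not checked
    player: str         # trailing label (ZeroCERT on every record here)


def parse_listing(text: str) -> list:
    """Each record is a header line followed by three non-empty lines:
    MD5, tag line, numeric columns. Blank lines between them are ignored."""
    lines = [ln.strip() for ln in text.splitlines()]
    subs, k = [], 0
    while k < len(lines):
        m = HEADER_RE.match(lines[k])
        k += 1
        if not m:
            continue
        fields = []
        while k < len(lines) and len(fields) < 3:
            if lines[k]:
                fields.append(lines[k])
            k += 1
        if len(fields) < 3:
            raise ValueError(f"record {m.group(1)} is truncated")
        md5, tagline, numline = fields
        if not MD5_RE.match(md5):
            raise ValueError(f"record {m.group(1)}: bad MD5 {md5!r}")
        toks = numline.split()
        player = toks.pop() if toks and not re.match(r"^[\d.]+$", toks[-1]) else ""
        # The single decimal token is the score; an integer right after it is the VT
        # count; integers before it are the unattributable Urls/Hosts/IDS/Rule counts.
        score_idx = next((i for i, t in enumerate(toks) if SCORE_RE.match(t)), None)
        if score_idx is None:
            raise ValueError(f"record {m.group(1)}: no score in {numline!r}")
        vt = int(toks[score_idx + 1]) if score_idx + 1 < len(toks) else None
        subs.append(Submission(
            no=int(m.group(1)), date=m.group(2), filename=m.group(3), md5=md5,
            tagline=tagline, counts=[int(t) for t in toks[:score_idx]],
            score=float(toks[score_idx]), vt=vt, player=player,
        ))
    return subs


def families_of(sub: Submission) -> list:
    """Family labels present in the tag line, in FAMILIES order."""
    return [f for f in FAMILIES if re.search(rf"\b{re.escape(f)}\b", sub.tagline)]


def triage_flags(sub: Submission) -> list:
    """Things a human should look at before taking the row at face value."""
    flags = []
    if sub.filename.lower() in LOOKALIKE_NAMES:
        flags.append("lookalike-name")
    if ("VirusTotal" in sub.tagline) != (sub.vt is not None):
        flags.append("vt-column-inconsistent")    # tag says checked but no count, or vice versa
    if sub.vt is None and not families_of(sub):
        flags.append("unlabelled-and-unchecked")  # only sandbox heuristics to go on
    return flags


def by_family(subs) -> dict:
    """MD5s grouped by family label; 'unlabelled' collects rows with no family tag."""
    groups = {}
    for s in subs:
        for f in families_of(s) or ["unlabelled"]:
            groups.setdefault(f, []).append(s.md5)
    return groups


if __name__ == "__main__":
    for s in parse_listing(SAMPLE_LISTING):
        print(s.no, s.filename, s.md5, s.score, s.vt, families_of(s), triage_flags(s))
```

The parser deliberately keeps the leading counts as an ordered list instead of guessing which of Urls, Hosts, IDS or Rule each belongs to; the export has already lost that information, and inventing it would only make later filtering silently wrong.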