Submissions
Columns: No | Date | Request | Urls | Hosts | IDS | Rule | Score | Zero | VT | Player | Etc
No 10081 | 2023-07-23 09:54 | Request: safevpn20.11342.2k.exe | MD5: 6bafba4a43173045136e95abe78666e8
  Tags: Gen1, Emotet, Suspicious_Script_Bin, Generic Malware, UPX, Malicious Library, ASPack, Malicious Packer, Admin Tool (Sysinternals etc ...), Anti_VM, OS Processor Check, PE64, PE File, icon, DLL, ZIP Format, BMP Format, Browser Info Stealer, VirusTotal, Malware, AutoRuns, Check memory, Creates executable files, unpack itself, Windows, Browser
  Score: 3.6 | VT: 37 | Player: ZeroCERT
No 10082 | 2023-07-23 09:46 | Request: new.exe | MD5: 8bb15c76e2d55780ced07a1a2c589486
  Tags: Lazarus Family, Themida Packer, UPX, Malicious Library, Http API, HTTP, ScreenShot, Internet API, AntiDebug, AntiVM, .NET EXE, PE File, PE32, Browser Info Stealer, Malware download, VirusTotal, Malware, Cryptocurrency wallets, Cryptocurrency, Buffer PE, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Checks Bios, Collect installed applications, Detects VMWare, sandbox evasion, VMware, anti-virtualization, installed browsers check, Ransomware, Lumma, Stealer, Windows, Browser, ComputerName, Firmware, crashed
  Urls (4):
    http://gstatic-node.io/ - rule_id: 35379
    http://gstatic-node.io/c2sock - rule_id: 35381
    http://gstatic-node.io/c2sock
    http://gstatic-node.io/c2conf - rule_id: 35380
  Hosts (2):
    gstatic-node.io(172.67.204.199) - mailcious
    172.67.204.199
  IDS (1):
    ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2
  Rule (3):
    http://gstatic-node.io/
    http://gstatic-node.io/c2sock
    http://gstatic-node.io/c2conf
  Score: 17.4 | Zero: M | VT: 24 | Player: ZeroCERT
No 10083 | 2023-07-23 09:45 | Request: System_root.vbs | MD5: 994ed6b1d35267618f3d7f73833664d7
  Tags: Generic Malware, Antivirus, Hide_URL, PowerShell, VirusTotal, Malware, powershell, suspicious privilege, Check memory, Checks debugger, Creates shortcut, unpack itself, Check virtual network interfaces, suspicious process, WriteConsoleW, Tofsee, Windows, ComputerName, Cryptographic key
  Urls (1):
    https://cdn.pixelbin.io/v2/red-wildflower-1b0af4/original/universo_vbs.jpeg
  Hosts (2):
    cdn.pixelbin.io(54.230.167.111)
    54.230.167.111
  IDS (1):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 7.6 | Zero: M | VT: 3 | Player: ZeroCERT
No 10084 | 2023-07-23 09:43 | Request: bilkad.exe | MD5: c4fe973e479a2af02dce5b9888e97917
  Tags: PE64, PE File, VirusTotal, Malware, crashed
  Score: 2.2 | Zero: M | VT: 42 | Player: ZeroCERT
No 10085 | 2023-07-23 09:43 | Request: file.exe | MD5: fff2f00fa9387530fb724fb44855b4f3
  Tags: UPX, Malicious Library, OS Processor Check, PE File, PE32, VirusTotal, Malware, unpack itself, Remote Code Execution
  Score: 2.0 | Zero: M | VT: 31 | Player: ZeroCERT
No 10086 | 2023-07-23 08:11 | Request: ROOTROOTROOOTROOOTROTROOTROT%2... | MD5: 1e2437d520b6cf1964cd8146261ab344
  Tags: MS_RTF_Obfuscation_Objects, RTF File, doc, VirusTotal, Malware, VBScript, Malicious Traffic, buffers extracted, exploit crash, unpack itself, Tofsee, Exploit, DNS, crashed
  Urls (1):
    http://192.3.216.144/500/System_root.vbs
  Hosts (3):
    cdn.pixelbin.io(54.230.167.16)
    192.3.216.144 - mailcious
    54.230.167.117
  IDS (2):
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO Dotted Quad Host VBS Request
  Score: 4.6 | Zero: M | VT: 34 | Player: guest
No 10087 | 2023-07-23 08:08 | Request: qr.png | MD5: 07ecd12de259e62383d687d8eac0b089
  Tags: UPX, PE64, PE File, VirusTotal, Malware, unpack itself, crashed
  Score: 2.2 | Zero: M | VT: 41 | Player: guest
No 10088 | 2023-07-22 21:50 | Request: qr.png | MD5: 07ecd12de259e62383d687d8eac0b089
  Tags: UPX, PE64, PE File, VirusTotal, Malware, unpack itself, crashed
  Score: 2.2 | Zero: M | VT: 40 | Player: ZeroCERT
No 10089 | 2023-07-22 21:50 | Request: Setup.exe | MD5: bdf59f927ef99ae5b7a45d8e3d05700f
  Tags: Generic Malware, Admin Tool (Sysinternals etc ...), Http API, HTTP, ScreenShot, Internet API, AntiDebug, AntiVM, .NET EXE, PE File, PE32, Browser Info Stealer, Malware download, VirusTotal, Malware, Cryptocurrency wallets, Cryptocurrency, Buffer PE, PDB, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Collect installed applications, sandbox evasion, installed browsers check, Ransomware, Lumma, Stealer, Browser, ComputerName, Remote Code Execution, Firmware
  Urls (3):
    http://gstatic-node.io/
    http://gstatic-node.io/c2sock
    http://gstatic-node.io/c2conf
  Hosts (2):
    gstatic-node.io(104.21.37.53)
    172.67.204.199
  IDS (1):
    ET MALWARE Win32/Lumma Stealer Data Exfiltration Attempt M2
  Score: 14.6 | Zero: M | VT: 47 | Player: ZeroCERT
No 10090 | 2023-07-22 21:49 | Request: ROOTROOTROOOTROOOTROTROOTROT%2... | MD5: 1e2437d520b6cf1964cd8146261ab344
  Tags: MS_RTF_Obfuscation_Objects, RTF File, doc, VirusTotal, Malware, VBScript, Malicious Traffic, buffers extracted, exploit crash, unpack itself, Tofsee, Exploit, DNS, crashed
  Urls (1):
    http://192.3.216.144/500/System_root.vbs
  Hosts (3):
    cdn.pixelbin.io(54.230.167.117)
    192.3.216.144 - mailcious
    54.230.167.117
  IDS (2):
    ET INFO Dotted Quad Host VBS Request
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 4.6 | Zero: M | VT: 34 | Player: ZeroCERT
No 10091 | 2023-07-22 21:48 | Request: freebobux.bin.exe | MD5: 794b00893a1b95ade9379710821ac1a4
  Tags: UPX, Malicious Library, AntiDebug, AntiVM, PE File, PE32, BMP Format, MZP Format, VirusTotal, Malware, Code Injection, Check memory, Creates executable files, unpack itself, AppData folder, WriteConsoleW, crashed
  Score: 5.8 | Zero: M | VT: 32 | Player: ZeroCERT
No 10092 | 2023-07-22 21:47 | Request: payload.exe | MD5: 1dc2580260eb3d20bf700457ce0f235c
  Tags: ScreenShot, AntiDebug, AntiVM, PE File, PE32, VirusTotal, Malware, AutoRuns, suspicious privilege, MachineGuid, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, WMI, Creates executable files, Windows utilities, AppData folder, sandbox evasion, Firewall state off, Windows, Browser, ComputerName, DNS
  Urls (1):
    http://209.145.51.44/tef/tasks.php
  Hosts (6):
    alors.deepdns.cryptostorm.net()
    onyx.deepdns.cryptostorm.net()
    ns1.any.dns.d0wn.biz()
    ns.dotbit.me() - mailcious
    ns1.random.dns.d0wn.biz(178.17.170.133) - mailcious
    209.145.51.44 - malware
  IDS (2):
    ET INFO Observed DNS Query to .biz TLD
    ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 2
  Score: 15.0 | Zero: M | VT: 63 | Player: ZeroCERT
No 10093 | 2023-07-22 21:46 | Request: asas.exe | MD5: 103746e75cc79da6379bc879dd58b17a
  Tags: Generic Malware, UPX, Malicious Packer, OS Processor Check, PE64, PE File, VirusTotal, Malware, PDB, Remote Code Execution
  Score: 1.4 | Zero: M | VT: 39 | Player: ZeroCERT
No 10094 | 2023-07-22 21:44 | Request: build.exe | MD5: ed3809d571d4d52fa5bf9339b9750b27
  Tags: Vidar, UPX, Malicious Library, OS Processor Check, PE File, PE32, VirusTotal, Malware, Telegram, MachineGuid, Malicious Traffic, Creates executable files, unpack itself, WriteConsoleW, Tofsee, ComputerName, DNS
  Urls (4):
    http://116.203.7.113/ba898ce7ff6c6db9d00aca6445e5d347
    http://116.203.7.113/upgrade.zip
    https://steamcommunity.com/profiles/76561198982268531 - rule_id: 35281
    https://t.me/sundayevent
  Hosts (5):
    t.me(149.154.167.99) - mailcious
    steamcommunity.com(184.87.111.197) - mailcious
    116.203.7.113
    149.154.167.99 - mailcious
    104.88.222.199
  IDS (4):
    ET INFO Observed Telegram Domain (t .me in TLS SNI)
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    ET INFO TLS Handshake Failure
    ET INFO Dotted Quad Host ZIP Request
  Rule (1):
    https://steamcommunity.com/profiles/76561198982268531
  Score: 4.0 | Zero: M | VT: 19 | Player: ZeroCERT
No 10095 | 2023-07-22 21:44 | Request: photo220.exe | MD5: 1e91a70b891e93ad6124f5d0bee5c7ea
  Tags: Gen1, Emotet, UPX, Malicious Library, CAB, PE File, PE32, PDB, Remote Code Execution
  Score: 0.8 | Player: ZeroCERT
Total: 48,198 cnts