Submissions
Columns: No, Date, Request, Urls, Hosts, IDS, Rule, Score, Zero, VT, Player, Etc

No: 13786
Date: 2023-04-19 09:39
Request: za.xlsx
MD5: 8d1c5cf6f85743869f7272d487bb180a
Tags: ZIP Format, exploit crash, unpack itself, Exploit, crashed
Score: 1.8
Player: ZeroCERT

No: 13787
Date: 2023-04-19 09:37
Request: Funds_792120.wsf
MD5: dbf85f39dd98463b298f50302d64ea40
Tags: VBScript, heapspray, wscript.exe payload download, Tofsee, DNS, Dropper
Urls (3):
  https://pastebin.com/raw/zD5ag0UX - rule_id: 29932
  https://pastebin.com/raw/mJfkXNYx - rule_id: 29928
  http://216.120.201.169/aSxBaqnfj98wz.dat
Hosts (3):
  pastebin.com(104.20.67.143) - mailcious
  216.120.201.169 - mailcious
  172.67.34.170 - mailcious
IDS (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Rule (2):
  https://pastebin.com/raw/zD5ag0UX
  https://pastebin.com/raw/mJfkXNYx
Score: 10.0
Zero: M
Player: ZeroCERT

No: 13788
Date: 2023-04-19 09:29
Request: script.ps1
MD5: 126d0143c4a72b552b57453b5144bdae
Tags: Generic Malware, Antivirus, AutoRuns, Check memory, unpack itself, WriteConsoleW, Windows, Cryptographic key
Urls (1):
  https://gold-fish.top/glazgo.zip
Score: 2.2
Player: ZeroCERT

No: 13789
Date: 2023-04-19 09:10
Request: fotocr20.exe
MD5: d4c4291d2799089c25fd112ad2d03774
Tags: Gen1, Emotet, UPX, Malicious Library, CAB, PE32, PE File, Browser Info Stealer, FTP Client Info Stealer, AutoRuns, PDB, suspicious privilege, Check memory, Checks debugger, buffers extracted, WMI, Creates executable files, unpack itself, Disables Windows Security, Collect installed applications, AntiVM_Disk, VM Disk Size Check, installed browsers check, Windows, Update, Browser, ComputerName, Remote Code Execution, DNS, Cryptographic key, Software, crashed
Hosts (1):
  185.161.248.152
Score: 10.4
Zero: M
Player: ZeroCERT

No: 13790
Date: 2023-04-19 09:08
Request: wcncsvc.exe
MD5: 751eb8303e9c86d2b68e6dfac0754af0
Tags: Malicious Packer, .NET EXE, PE32, PE File, VirusTotal, Malware, Buffer PE, AutoRuns, suspicious privilege, MachineGuid, Check memory, Checks debugger, buffers extracted, unpack itself, human activity check, Windows, ComputerName, DNS, DDNS
Hosts (3):
  testrun123.hopto.org(24.184.74.42)
  24.184.74.42
  212.8.244.201 - mailcious
IDS (1):
  ET POLICY DNS Query to DynDNS Domain *.hopto .org
Score: 9.0
Zero: M
VT: 66
Player: ZeroCERT

No: 13791
Date: 2023-04-19 09:06
Request: contrem2.1.exe
MD5: 08186cde92790a745f1e6fbf706fc800
Tags: UPX, Malicious Library, PE32, PE File, OS Processor Check, Remcos, VirusTotal, Malware, AutoRuns, Malicious Traffic, Check memory, Checks debugger, Creates executable files, unpack itself, AppData folder, WriteConsoleW, Windows, DNS, DDNS
Urls (1):
  http://geoplugin.net/json.gp
Hosts (4):
  geoplugin.net(178.237.33.50)
  katruda.duckdns.org(212.8.244.201)
  178.237.33.50
  212.8.244.201 - mailcious
IDS (3):
  ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
  ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
  ET JA3 Hash - Remcos 3.x TLS Connection
Score: 5.4
Zero: M
VT: 33
Player: ZeroCERT

No: 13792
Date: 2023-04-19 09:04
Request: Funds_366728.wsf
MD5: dc0ded1a1a05a26960a9adbf3cc5e5cb
Tags: VBScript, heapspray, wscript.exe payload download, unpack itself, Tofsee, DNS, crashed, Dropper
Urls (3):
  https://pastebin.com/raw/mJfkXNYx
  https://pastebin.com/raw/zD5ag0UX
  http://216.120.201.169/aSxBaqnfj9.dat
Hosts (3):
  pastebin.com(172.67.34.170) - mailcious
  216.120.201.169 - mailcious
  104.20.68.143 - mailcious
IDS (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 10.0
Zero: M
Player: ZeroCERT

No: 13793
Date: 2023-04-19 09:04
Request: Funds_589281.wsf
MD5: 3d90344c5976a644b6e482e9a325d9cb
Tags: VBScript, Check memory, heapspray, wscript.exe payload download, unpack itself, Tofsee, DNS, crashed, Dropper
Urls (3):
  https://pastebin.com/raw/mJfkXNYx
  https://pastebin.com/raw/zD5ag0UX
  http://216.120.201.169/aSxBaqnfj98wz.dat
Hosts (3):
  pastebin.com(104.20.68.143) - mailcious
  216.120.201.169 - mailcious
  172.67.34.170 - mailcious
IDS (1):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 10.0
Zero: M
Player: ZeroCERT

No: 13794
Date: 2023-04-19 09:03
Request: foto0165.exe
MD5: 8cf8c1cae5a55df0a1fe7dab8f6b1a43
Tags: Gen1, Emotet, UPX, Malicious Library, CAB, PE32, PE File, Browser Info Stealer, FTP Client Info Stealer, AutoRuns, PDB, suspicious privilege, Check memory, Checks debugger, buffers extracted, WMI, Creates executable files, unpack itself, Collect installed applications, AntiVM_Disk, VM Disk Size Check, installed browsers check, Windows, Browser, ComputerName, Remote Code Execution, DNS, Cryptographic key, Software, crashed
Hosts (1):
  185.161.248.152
Score: 8.2
Player: ZeroCERT

No: 13795
Date: 2023-04-19 09:03
Request: fotocr20.exe
MD5: dc948dea49fe875c99f065ee6ac246ad
Tags: Gen1, Emotet, UPX, Malicious Library, CAB, PE32, PE File, Browser Info Stealer, FTP Client Info Stealer, AutoRuns, PDB, suspicious privilege, MachineGuid, Check memory, Checks debugger, buffers extracted, WMI, Creates executable files, unpack itself, Disables Windows Security, Collect installed applications, AntiVM_Disk, VM Disk Size Check, installed browsers check, Windows, Update, Browser, ComputerName, Remote Code Execution, DNS, Cryptographic key, Software, crashed
Hosts (1):
  185.161.248.152
Score: 10.6
Player: ZeroCERT

No: 13796
Date: 2023-04-19 06:36
Request: ._WiFiLQMMetrics-2023-04-17-17...
MD5: a09e0c09530d357be5ea189cc870fed3
Tags: Downloader, Create Service, DGA, Socket, DNS, Hijack Network, Code injection, HTTP, PWS[m], Sniff Audio, Steal credential, Http API, P2P, Internet API, Escalate priviledges, persistence, FTP, KeyLogger, ScreenShot, AntiDebug, AntiVM, MSOffice File, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, malicious URLs, Tofsee, Windows, Exploit, DNS, crashed
IDS (2):
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET INFO TLS Handshake Failure
Score: 4.2
Player: guest

No: 13797
Date: 2023-04-19 06:33
Request: TransparencyTopic-2023-04-18-0...
MD5: c9f7c97f79ddacf70c48747de0599deb
Tags: AntiDebug, AntiVM, Email Client Info Stealer, suspicious privilege, Checks debugger, Creates shortcut, unpack itself, installed browsers check, Browser, Email, ComputerName
Score: 3.4
Player: guest

No: 13798
Date: 2023-04-19 06:33
Request: WiFiLQMMetrics-2023-04-17-1704...
MD5: 1661b9f129bfdd9c94bc68262e821622
Tags: AntiDebug, AntiVM, MSOffice File, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, Windows, Exploit, DNS, crashed
Score: 3.8
Player: guest

No: 13799
Date: 2023-04-19 06:33
Request: CloudServicesTopic-2023-04-18-...
MD5: 6b2ede8ffa4abf4625b9f58b6fd1cb08
Tags: Keylogger, Discord, AntiDebug, AntiVM, Email Client Info Stealer, suspicious privilege, Checks debugger, Creates shortcut, unpack itself, installed browsers check, Browser, Email, ComputerName
Score: 3.4
Player: guest

No: 13800
Date: 2023-04-19 06:31
Request: ._WiFiLQMMetrics-2023-04-17-17...
MD5: a09e0c09530d357be5ea189cc870fed3
Tags: AntiDebug, AntiVM, MSOffice File, Code Injection, RWX flags setting, exploit crash, unpack itself, Windows utilities, Windows, Exploit, DNS, crashed
Score: 3.8
Player: guest

Total: 49,435 entries