Threat Feed
Lk4PnEInqUolo1OF.html
2025-10-17T16:37:22.417
malicious
HTML Document
SHA256: 8e4e019e270722723122103ed8352088ee0f0f7be5d61f73227527d0beecc957
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections indicates a phishing website
2/5       Page uses exact same title as that of a popular online service
2/5       The HTML file contains logon form
1/5       Logon form detected via Computer Vision
1/5       Page presents itself as a logon page
Phishing
6MMf7eUCCAAyKehd.exe
2025-10-17T16:24:19.225
malicious
Windows Exe (x86-32)
SHA256: 69721b551919e20f92b73a3e26078743b3269e6c88eeb1c5c4ddb1734ee8042f
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
3/5       Office macro uses a file I/O function
2/5       Office macro uses a suspicious function
2/5       Office macro uses an execute function
2/5       Office macro uses a network function
2/5       Suspicious content matched by YARA rules
1/5       Creates a page with write and execute permissions
1/5       A monitored process crashed
1/5       Resolves API functions dynamically
Backdoor
Virus
WibFUmE6jjkqnMNr.exe
2025-10-17T15:24:18.077
malicious
Windows Exe (x86-32)
SHA256: 2cc9ed0c0194daec5fa9153f35a0167d3be042d61d250c38dbc8e7609a5d1b57
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows multiple input capture behaviors
5/5       Malicious content matched by YARA rules
5/5       Known malicious mutex name is created
3/5       Injects a file into another process
3/5       Captures clipboard data
3/5       Monitors keyboard input
2/5       Enables critical process privileges
1/5       Resolves API functions dynamically
1/5       Enables process privileges
1/5       Installs system startup script or application
Spyware
Backdoor
Aura.exe
2025-10-17T14:45:42.074
malicious
Windows Exe (x86-32)
SHA256: 03723a05664cb74502e9a71ad1a6ce2d1dcdbf501b638efd0780ec246ce2b502
VMRay Threat Identifiers
Severity  Operation
5/5       Rhadamanthys configuration was extracted
5/5       Malicious content matched by YARA rules
4/5       Malicious content matched by YARA rules
4/5       Writes into the memory of another process
4/5       Makes indirect system call to possibly evade hooking based monitoring
4/5       Entry point injection
3/5       Suspicious content matched by YARA rules
3/5       Takes screenshot
3/5       Modifies native system functions
2/5       Collects hardware properties
2/5       Tries to detect application sandbox
2/5       Tries to detect a forensic tool
2/5       Searches for sensitive browser data
2/5       Searches for sensitive mail data
2/5       Tries to detect virtual machine
2/5       Searches for sensitive FTP data
2/5       Searches for sensitive application data
2/5       Signed executable failed signature validation
2/5       Tries to detect debugger
2/5       Sets up server that accepts incoming connections
2/5       Delays execution
2/5       Reads sensitive browser data
2/5       Deletes file after execution
2/5       Reads sensitive mail data
1/5       Query OS Information
1/5       Creates process with hidden window
1/5       Reads from memory of another process
1/5       Possibly does reconnaissance
1/5       Creates a page with write and execute permissions
1/5       Reads system data
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Downloads executable
1/5       Tries to connect using an uncommon port
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       A monitored process crashed
1/5       Drops PE file
1/5       Executes dropped PE file
1/5       Enumerates running processes
1/5       Creates mutex
1/5       Installs system startup script or application
Spyware
Downloader
Injector
Aviso de pago_ref0018894.pdf.jse
2025-10-17T14:24:18.869
malicious
JScript
SHA256: 3b3a5f743f60f1475aef3084fcb19496a8424057436e7ef2034930d3216b1f80
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Agent Tesla configuration was extracted
5/5       Combination of other detections shows configuration discovery
5/5       Sets up server that accepts incoming connections
4/5       Sends control codes to a driver
4/5       Tries to detect application sandbox
4/5       Process Hollowing
4/5       Reads from memory of another process
4/5       Writes into the memory of another process
3/5       Enables process privileges
3/5       Reads sensitive browser data
3/5       Reads sensitive mail data
3/5       A monitored process crashed
2/5       Executes PowerShell without default profile
2/5       Searches for sensitive mail data
2/5       Queries OS version via WMI
2/5       Collects hardware properties
2/5       Performs DNS request
2/5       Tries to connect using an uncommon port
2/5       Checks external IP address
2/5       Possibly does reconnaissance
2/5       Reads network adapter information
2/5       Searches for sensitive browser data
1/5       Connects to remote host
1/5       Enumerates running processes
1/5       Query OS Information
Spyware
Backdoor
Injector