Threat Feed
bins.sh
2025-09-02T03:40:30.664
malicious
Shell Script
SHA256: 00c357873f9603d98a2644820ba887fb48c35ddf82867e3cd1283f23729e9d84
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
3/5       Creates an unusually large number of processes
2/5       Tries to execute downloaded binary of different architecture than the host
2/5       Downloads file
1/5       Connects to remote host
Bot
DOC74485028488_02092025.exe
2025-09-02T03:31:07.119
malicious
Windows Exe (x86-32)
SHA256: cc7210694517855e75fe27910ae61dc2633f74b01aa111d1b115d78d5bbb9af4
VMRay Threat Identifiers
Severity  Operation
4/5       Process Hollowing
4/5       Writes into the memory of another process
4/5       Modifies control flow of another process
1/5       Reads from memory of another process
1/5       Enables process privileges
1/5       Installs system startup script or application
1/5       Obfuscates control flow
1/5       Creates a page with write and execute permissions
1/5       Enumerates running processes
1/5       Creates process with hidden window
Injector
SecuriteInfo.com.Heur.30643.28724.exe
2025-09-02T03:30:47.702
malicious
Windows Exe (x86-32)
SHA256: cd37c70f73432edc09ba5eaddc861f58ba8574febbe4d5744b5c743631ce0165
VMRay Threat Identifiers
Severity  Operation
5/5       DarkCloud configuration was extracted
5/5       Malicious content matched by YARA rules
4/5       Modifies control flow of another process
4/5       Writes into the memory of another process
2/5       Searches for sensitive FTP data
2/5       Enumerates running processes
2/5       Collects hardware properties
2/5       Sends control codes to a driver
2/5       Searches for sensitive mail data
2/5       Reads sensitive mail data
2/5       Tries to detect debugger
2/5       Searches for sensitive application data
2/5       Suspicious content matched by YARA rules
2/5       Makes direct system call to possibly evade hooking based monitoring
1/5       Content matched by YARA rules
1/5       Accesses volumes directly
1/5       Reads from memory of another process
1/5       Creates process with hidden window
1/5       Resolves API functions dynamically
1/5       Creates a page with write and execute permissions
1/5       Possibly does reconnaissance
1/5       Enables process privileges
Spyware
Injector
6b6caf6576d7591f48790617aad24d16.exe
2025-09-02T03:29:53.834
malicious
Windows Exe (x86-32)
SHA256: 701b8df01024b15c3b33a77f468345b82af01c85817ec83e6cef861ccdee3dbd
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Tries to read cached credentials of various applications
5/5       Lokibot configuration was extracted
3/5       Reads installed applications
2/5       Reads sensitive mail data
2/5       Delays execution
2/5       Searches for sensitive mail data
2/5       Reads sensitive application data
2/5       Searches for sensitive browser data
2/5       Reads sensitive browser data
2/5       Searches for sensitive application data
2/5       Searches for sensitive FTP data
2/5       Reads sensitive FTP data
1/5       Performs DNS request
1/5       Creates mutex
1/5       Connects to remote host
1/5       Content matched by YARA rules
1/5       Possibly does reconnaissance
1/5       Enables process privileges
1/5       Reads system data
Spyware
67d89979795a3c2586c5b98d32d62297.exe
2025-09-02T03:29:25.807
malicious
Windows Exe (x86-32)
SHA256: 0ad0298b4303962d0cf5a392ca2c3ad4bd2cd1d857c7a4810a0d1129888773ac
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Brute-forces user account
3/5       Connects to a CMS hoster
3/5       Creates a subprocess to cleanup tracks
3/5       Tries to detect the presence of antivirus software
2/5       Searches for sensitive browser data
2/5       Searches for sensitive FTP data
2/5       Searches for sensitive application data
2/5       Searches for sensitive mail data
2/5       Deletes file after execution
2/5       Enables critical process privileges
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Enables process privileges
1/5       Possibly does reconnaissance
1/5       Creates process with hidden window
1/5       Resolves API functions dynamically
Spyware