Threat Feed
READ ME! (List of free things).exe
2024-04-27T09:51:57.354
malicious
Windows Exe (x86-32)
SHA256: 6efb57a28434d238a6fcd58c8aa90a1f1cda4d5897ecdce5351fb11a9a5abef2
VMRay Threat Identifiers
Severity | Operation
5/5 | Combination of other detections shows multiple input capture behaviors
4/5 | Malicious file detected via reputation
4/5 | Modifies Windows Defender configuration
3/5 | Monitors keyboard input
2/5 | Collects hardware properties
2/5 | Queries OS version via WMI
2/5 | Tries to detect application sandbox
1/5 | Executes dropped PE file
1/5 | Creates mutex
1/5 | Resolves API functions dynamically
1/5 | Performs DNS request
1/5 | Creates process with hidden window
1/5 | Drops PE file
1/5 | Checks external IP address
1/5 | Enables process privileges
1/5 | Connects to remote host
Spyware
Keylogger
cagrt.exe
2024-04-27T09:44:17.201
malicious
Windows Exe (x86-32)
SHA256: 0f0f8f3babd10779dac4805595ef2141ad4dee809a140c3262c2cb729149ceb2
VMRay Threat Identifiers
Severity | Operation
4/5 | Disables a crucial system tool
4/5 | Malicious file detected via reputation
4/5 | Bypasses Windows User Account Control (UAC)
4/5 | Tries to disable antivirus software
3/5 | Disables a crucial system service
2/5 | Tries to detect virtual machine
2/5 | Sets up server that accepts incoming connections
2/5 | Delays execution
2/5 | Hides files
1/5 | Modifies application directory
1/5 | Connects to remote host
1/5 | Executes dropped PE file
1/5 | Obfuscates control flow
1/5 | Monitors keyboard input
1/5 | Creates mutex
1/5 | Resolves API functions dynamically
1/5 | Checks external IP address
1/5 | Modifies operating system directory
1/5 | Enables process privileges
1/5 | Enumerates running processes
1/5 | Performs DNS request
1/5 | Installs system startup script or application
Backdoor
Keylogger
777.exe
2024-04-27T09:41:02.917
malicious
Windows Exe (x86-32)
SHA256: acf17b69da3e82d40c98c9cb27c04d190a694a62113e764e8ebdf8ff08da2c37
VMRay Threat Identifiers
Severity | Operation
5/5 | njRAT configuration was extracted
5/5 | Malicious content matched by YARA rules
4/5 | Malicious file detected via reputation
3/5 | Performs DNS request for known DDNS domain
2/5 | Modifies Windows Firewall configuration
1/5 | Creates process with hidden window
1/5 | Monitors keyboard input
1/5 | Performs DNS request
1/5 | Enables process privileges
1/5 | Creates mutex
Backdoor
Keylogger
powershell.lnk
2024-04-27T09:32:41.697
malicious
PowerShell Script (Shell Link)
SHA256: 49cf9fe1a5b1c9f9027ecef5093396552e022e437042f9ed9cee7b6122fb2dee
VMRay Threat Identifiers
Severity | Operation
5/5 | Modifies operating system directory
4/5 | Malicious file detected via reputation
2/5 | Downloads file
2/5 | Performs DNS request
1/5 | Connects to remote host
2a29d10ec3310613657d8a0dcaa4aabe.virus.exe
2024-04-27T09:25:04.086
malicious
Windows Exe (x86-32)
SHA256: 05b8805d514836fe3de91c1a34ba61a97c9c9ab46f380b65f81ab26cb1cb63d5
VMRay Threat Identifiers
Severity | Operation
5/5 | Modifies content of user files
4/5 | Malicious file detected via reputation
4/5 | Masks file extension
3/5 | Tries to evade debugger
2/5 | Delays execution
2/5 | Sends control codes to a driver
2/5 | Searches for sensitive browser data
1/5 | A monitored process crashed
1/5 | Executes dropped PE file
1/5 | Resolves API functions dynamically
1/5 | Modifies operating system directory
1/5 | Drops PE file
1/5 | Accesses volumes directly
1/5 | Overwrites code
1/5 | Installs system startup script or application
1/5 | Creates process with hidden window
Ransomware