Threat Feed
transferencia.JS
2026-05-26T16:39:11.252
malicious
JScript
SHA256:
61390d4745969e18cc5b63d86592cb63c579fe3dc39d57c5bb6f6b4020166dbc
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
5/5  Agent Tesla configuration was extracted
5/5  Combination of other detections shows configuration discovery
4/5  Tries to detect application sandbox
3/5  Reads sensitive mail data
3/5  Reads sensitive browser data
2/5  Performs DNS request
2/5  Executes dropped PE file
2/5  Reads network adapter information
2/5  Searches for sensitive browser data
2/5  Enables process privileges
2/5  Searches for sensitive mail data
2/5  Possibly does reconnaissance
2/5  Queries OS info via WMI
2/5  Collects hardware properties
1/5  Connects to remote host
1/5  Unusual large memory allocation
1/5  Query OS Information
1/5  Enumerates running processes
Spyware
Downloader
byy664788832.pdf.hta
2026-05-26T16:38:57.152
malicious
HTML Application
SHA256:
b0ee733761406e9c80de6ed903bc6f79552ce60ca376c4a1704f866594a299df
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
3/5  Suspicious content matched by YARA rules
2/5  Checks Internet connection
2/5  Suspicious content matched by YARA rules
1/5  Unusual large memory allocation
Downloader
Quotation No 550.exe
2026-05-26T16:38:41.889
malicious
Windows Exe (x86-32)
SHA256:
e627b740ae08f837edaab2366cbb1889c7a353cbdbf60619edfd10ca0682bb3f
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
4/5  Process Hollowing
4/5  Writes into the memory of another process
4/5  Modifies control flow of another process
3/5  Monitors user input
3/5  Obscures a file's origin
1/5  Installs system service
1/5  Monitors keyboard input
1/5  Content matched by YARA rules
1/5  Resolves API functions dynamically
1/5  Enables process privileges
1/5  Monitors mouse movements and clicks
1/5  Enumerates running processes
1/5  Creates process with hidden window
1/5  Reads from memory of another process
1/5  Creates a page with write and execute permissions
1/5  Creates mutex
Spyware
Injector
3581024554.js
2026-05-26T16:37:39.840
malicious
JScript
SHA256:
a2f1418d3fb216f7c3059084ee5c3e9e49daff13c764e4f28d6da394712f7dd8
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
5/5  Remcos configuration was extracted
4/5  Attempts to connect through HTTP
4/5  Modifies control flow of another process
4/5  Writes into the memory of another process
4/5  Process Hollowing
3/5  Reads sensitive mail data
3/5  Reads installed applications
3/5  Delays execution
3/5  Bypasses PowerShell execution policy
2/5  Performs DNS request
2/5  Possibly does reconnaissance
2/5  Searches for sensitive mail data
2/5  Tries to detect debugger
2/5  Installs system startup script or application
2/5  Executes PowerShell with hidden window
2/5  Searches for sensitive browser data
2/5  Searches for sensitive application data
1/5  Connects to remote host
1/5  Executes WMI query
1/5  Enumerates running processes
1/5  Query OS Information
1/5  Creates mutex
1/5  Accesses Microsoft Security Software registry keys
Spyware
Backdoor
Injector
SOA APRIL 2026.JS
2026-05-26T16:35:02.795
malicious
JScript
SHA256:
d5e77610e0caddffc539615ac0ff1cd25f08d0d86cadf29c1ba34f5a9f5e09e0
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
5/5  Combination of other detections shows configuration discovery
5/5  Tries to read cached credentials of various applications
5/5  Agent Tesla configuration was extracted
4/5  Connects to SMTP server
3/5  Reads sensitive mail data
3/5  Reads sensitive browser data
2/5  Collects hardware properties
2/5  Reads network adapter information
2/5  Executes dropped PE file
2/5  Performs DNS request
2/5  Searches for sensitive browser data
2/5  Searches for sensitive mail data
2/5  Possibly does reconnaissance
2/5  Searches for sensitive application data
2/5  Searches for sensitive FTP data
2/5  Queries OS info via WMI
2/5  Enables process privileges
1/5  Unusual large memory allocation
1/5  Query OS Information
1/5  Enumerates running processes
1/5  Connects to remote host
Spyware
Downloader