Threat Feed
Comprobante_swift_00909767676534465768645446_xlam.xls
2025-01-24T13:39:14.961
malicious
Excel Document
SHA256: 3ef935594160a7d1b37538b78ea1f53d97d0c79039bcf30f65e3947a75a3b36d
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Sets up server that accepts incoming connections
5/5       Agent Tesla configuration was extracted
5/5       Combination of other detections shows configuration discovery
4/5       Modifies control flow of another process
4/5       Attempts to connect through HTTPS
4/5       Writes into the memory of another process
4/5       Connects to remote host
4/5       Reads from memory of another process
4/5       Performs DNS request
4/5       Queries OS version via WMI
4/5       Collects hardware properties
4/5       Malicious host or URL detected via reputation
4/5       Tries to connect using an uncommon port
4/5       Tries to detect application sandbox
4/5       Sends control codes to a driver
4/5       Document tries to create process
4/5       Malicious file detected via reputation
4/5       Exploits a vulnerability in MS Office
4/5       Attempts to connect through HTTP
3/5       Checks external IP address
3/5       Enables process privileges
2/5       Reads sensitive browser data
2/5       Reads sensitive mail data
2/5       Searches for sensitive browser data
2/5       Executes PowerShell without default profile
2/5       Searches for sensitive mail data
2/5       Contains known suspicious class identifier
2/5       Reads network adapter information
2/5       Possibly does reconnaissance
Spyware
Backdoor
Exploit
Injector
Order No.XPMEK-2025-SP0084.exe
2025-01-24T13:36:31.165
malicious
Windows Exe (x86-64)
SHA256: 751dbe3550248a6835510e22f91a26b9e52e1af94c4b472125501fab41b38d12
VMRay Threat Identifiers
Severity  Operation
4/5       Process Hollowing
4/5       Modifies control flow of another process
4/5       Writes into the memory of another process
3/5       Suspicious file detected via reputation
1/5       Enables process privileges
1/5       Creates mutex
1/5       Creates process with hidden window
1/5       A monitored process crashed
1/5       Creates a page with write and execute permissions
Injector
LummaC2.exe
2025-01-24T13:34:25.124
malicious
Windows Exe (x86-32)
SHA256: c80f852db4f73aae745217744490bbc3553a2bdf5fe0327159c788c1b04578ae
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows multiple input capture behaviors
5/5       Lumma configuration was extracted
5/5       Malicious content matched by YARA rules
4/5       Malicious file detected via reputation
4/5       Malicious host or URL detected via reputation
4/5       Makes indirect system call to possibly evade hooking based monitoring
3/5       Captures clipboard data
3/5       Takes screenshot
3/5       Tries to detect the presence of antivirus software
2/5       Searches for sensitive browser data
2/5       Collects BIOS properties
2/5       Queries OS version via WMI
2/5       Queries a host's domain name
2/5       Collects hardware properties
1/5       Creates mutex
1/5       Creates process with hidden window
1/5       Possibly does reconnaissance
Spyware
Product List -Pictures-Specifications-pdf.exe
2025-01-24T13:31:00.136
malicious
Windows Exe (x86-32)
SHA256: 0821dcc73bae68da14a14dd1fd32b614792d213df171f4e2477e1bbaadc6dbc5
VMRay Threat Identifiers
Severity  Operation
5/5       FormBook configuration was extracted
5/5       Malicious content matched by YARA rules
5/5       Adds a hook to a web browser
4/5       Writes into the memory of another process
4/5       Modifies Windows Defender configuration
4/5       Makes indirect system call to possibly evade hooking based monitoring
4/5       Modifies control flow of another process
3/5       Modifies native system functions
2/5       Tries to detect kernel debugger
2/5       Signed executable failed signature validation
2/5       Schedules task
2/5       Deletes file after execution
2/5       Tries to detect debugger
2/5       Delays execution
1/5       Overwrites code
1/5       Creates mutex
1/5       Enables process privileges
1/5       Reads from memory of another process
1/5       Creates process with hidden window
1/5       Creates a page with write and execute permissions
Spyware
Injector
LummaC2.exe
2025-01-24T13:30:07.524
malicious
Windows Exe (x86-32)
SHA256: b20b3abfefc9b3344ad1171f18b9ce80db3b092fb64b5b4f2da766d46481a67a
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows multiple input capture behaviors
5/5       Lumma configuration was extracted
5/5       Malicious content matched by YARA rules
4/5       Malicious host or URL detected via reputation
4/5       Makes indirect system call to possibly evade hooking based monitoring
4/5       Malicious file detected via reputation
3/5       Takes screenshot
3/5       Tries to detect the presence of antivirus software
3/5       Captures clipboard data
2/5       Queries OS version via WMI
2/5       Queries a host's domain name
2/5       Searches for sensitive browser data
2/5       Collects BIOS properties
2/5       Collects hardware properties
1/5       Creates mutex
1/5       Creates process with hidden window
1/5       Possibly does reconnaissance
1/5       A monitored process crashed
Spyware