Threat Feed
656xc6576v75765x433234z342x6v7vv87687878v76v7.hta
2026-02-04T20:51:21.310
Verdict: malicious
File type: HTML Application
SHA256: 3299e115c25d55414a27123bb5c0f2b2cb31f12072fbbf52b2b5c64fe469febe

VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Remcos configuration was extracted
4/5       Process Hollowing
4/5       Reads from memory of another process
4/5       Writes into the memory of another process
3/5       Delays execution
3/5       Performs DNS request for known DDNS domain
2/5       Executes PowerShell without default profile
2/5       Performs DNS request
2/5       Tries to connect using an uncommon port
1/5       Content matched by YARA rules
1/5       Connects to remote host
1/5       Query OS Information
1/5       Creates mutex
1/5       Unusual large memory allocation
Classification: Backdoor, Injector

2025 Pago de la devolución de Renta.exe
2026-02-04T20:32:34.887
Verdict: malicious
File type: Windows Exe (x86-32)
SHA256: d8f15132511e76a9fd806b12108f633c1d8f493527c6961c092e0499a9014048

VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       VIPKeylogger configuration was extracted
5/5       GuLoader configuration was extracted
4/5       Malicious content matched by YARA rules
3/5       Tries to evade debugger
3/5       Makes unaligned API calls to possibly evade hooking based sandboxes
3/5       Modifies native system functions
2/5       Hides files
2/5       Searches for sensitive application data
2/5       Searches for sensitive browser data
2/5       Tries to detect virtual machine
2/5       Suspicious content matched by YARA rules
2/5       Reads network adapter information
2/5       Searches for sensitive mail data
2/5       Reads sensitive mail data
1/5       Drops PE file
1/5       Performs DNS request
1/5       Checks external IP address
1/5       Enables process privileges
1/5       Possibly does reconnaissance
1/5       Enumerates running processes
1/5       Query OS Information
1/5       Accesses volumes directly
1/5       Tries to detect debugger
1/5       Unusual large memory allocation
1/5       Creates a page with write and execute permissions
1/5       Connects to remote host
1/5       Downloads file
1/5       Connects to SMTP server
1/5       Content matched by YARA rules
Classification: Spyware, Downloader

liblzma-5.dll
2026-02-04T20:30:50.251
Verdict: malicious
File type: Windows DLL (x86-64)
SHA256: 40fc8d0fe590f2281efe1af792f90654aff809c3a445c2fc94f6f671c6faaa5d

VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       SnakeKeylogger configuration was extracted
4/5       Process Hollowing
4/5       Malicious content matched by YARA rules
4/5       Writes into the memory of another process
1/5       Unusual large memory allocation
1/5       Creates a page with write and execute permissions
1/5       Resolves API functions dynamically
1/5       Reads from memory of another process
1/5       Creates process with hidden window
1/5       Content matched by YARA rules
Classification: Spyware, Injector

853a1ff6.lnk
2026-02-04T20:01:21.611
Verdict: malicious
File type: Windows Batch File (Shell Link)
SHA256: 45b7834109f21351440c83c4622e939ff04fcf660ef5559be796d93aeb8070f0

VMRay Threat Identifiers
Severity  Operation
5/5       Sets up server that accepts incoming connections
4/5       Abuses MSHTA to execute code
4/5       Attempts to connect through HTTPS
3/5       Suspicious content matched by YARA rules
2/5       Checks Internet connection
2/5       Searches for sensitive browser data
2/5       Performs DNS request
2/5       Downloads file
1/5       Accesses volumes directly
1/5       Connects to remote host
1/5       URL contains a TLD highly associated with phishing
1/5       Unusual large memory allocation
1/5       Query OS Information
Classification: Backdoor

96282978.lnk
2026-02-04T20:00:37.488
Verdict: malicious
File type: Windows Batch File (Shell Link)
SHA256: ec24b58ad5bdcfe48433a2d1e51fa730c7197cb339c95a2990607a9e7594aadc

VMRay Threat Identifiers
Severity  Operation
5/5       Sets up server that accepts incoming connections
4/5       Abuses MSHTA to execute code
4/5       Attempts to connect through HTTPS
3/5       Suspicious content matched by YARA rules
2/5       Searches for sensitive browser data
2/5       Performs DNS request
1/5       URL contains a TLD highly associated with phishing
1/5       Connects to remote host
1/5       Query OS Information
Classification: Backdoor