Threat Feed
June 03062026.exe
2026-06-03T16:32:35.484
malicious
Windows Exe (x86-32)
SHA256: 2fe59a0eaf50f0836f9ce92ef8a08f553c836421823c5b3067caf54dbc2f4e40
VMRay Threat Identifiers
Severity  Operation
5/5       GuLoader configuration was extracted
5/5       PhantomStealer configuration was extracted
5/5       Malicious content matched by YARA rules
4/5       Malicious content matched by YARA rules
3/5       Suspicious content matched by YARA rules
3/5       Modifies native system functions
3/5       Makes unaligned API calls to possibly evade hooking based sandboxes
3/5       Tries to evade debugger
2/5       Suspicious content matched by YARA rules
2/5       Tries to detect virtual machine
2/5       Creates an unusually large number of processes
1/5       Drops PE file
1/5       Creates a page with write and execute permissions
1/5       Unusual large memory allocation
1/5       Reads from memory of another process
1/5       Tries to detect debugger
1/5       Downloads file
1/5       Content matched by YARA rules
1/5       Creates process with hidden window
Spyware
Downloader
IccRxnQjLXFrnoSc.exe
2026-06-03T16:23:37.001
malicious
Windows Exe (x86-64)
SHA256: 28ad8bea01712d33febdb547e2602d6097e22aad29b35d40059c7ae2f2e05f03
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
4/5       Masks file extension
4/5       Writes into the memory of another process
3/5       Modifies Windows Defender configuration
3/5       Modifies native system functions
3/5       Executes code with kernel privileges
2/5       Delays execution
2/5       Makes direct system call to possibly evade hooking based monitoring
2/5       Schedules task
2/5       Creates an unusually large number of processes
2/5       Tries to detect virtual machine
1/5       Modifies application directory
1/5       Creates a page with write and execute permissions
1/5       Drops PE file
1/5       Downloads file
1/5       Executes dropped PE file
1/5       Creates process with hidden window
1/5       Installs system startup script or application
1/5       Creates mutex
1/5       Reads from memory of another process
1/5       Enumerates running processes
1/5       Loads a dropped DLL
1/5       Content matched by YARA rules
1/5       Modifies operating system directory
1/5       Resolves API functions dynamically
1/5       Overwrites code
Hacktool
Injector
03XDplTzU1I5V9Aq.exe
2026-06-03T15:56:33.793
malicious
Windows Exe (x86-32)
SHA256: 72296b615f097d0dfce668e788dc43b595135afa41825d44a35c705c1e663d8b
VMRay Threat Identifiers
Severity  Operation
5/5       SalatStealer configuration was extracted
5/5       Known malicious mutex name is created
5/5       Combination of other detections shows configuration discovery
5/5       Tries to read cached credentials of various applications
5/5       Malicious content matched by YARA rules
3/5       Takes screenshot
2/5       Queries OS info via WMI
2/5       Searches for sensitive browser data
2/5       Reads sensitive browser data
2/5       Schedules task
2/5       Reads network adapter information
2/5       Suspicious content matched by YARA rules
2/5       Collects hardware properties
2/5       Searches for sensitive application data
2/5       Sets up server that accepts incoming connections
1/5       Connects to remote host
1/5       Modifies application directory
1/5       Creates process with hidden window
1/5       Reads system data
1/5       Enumerates running processes
1/5       Possibly does reconnaissance
1/5       Accesses Microsoft Security Software registry keys
1/5       Performs DNS request
1/5       Unusual large memory allocation
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       A monitored process crashed
1/5       Drops PE file
1/5       Executes dropped PE file
1/5       Timestamp manipulation
Spyware
SWIFT MT103.JS
2026-06-03T15:40:57.717
malicious
JScript
SHA256: bb9082a78e2c932c86ba4005d8015693e2af31080fbf560e91440d0435cc9851
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Combination of other detections shows configuration discovery
5/5       Tries to read cached credentials of various applications
5/5       Agent Tesla configuration was extracted
4/5       Sends data via a Telegram bot
3/5       Reads sensitive browser data
3/5       Reads sensitive mail data
2/5       Collects hardware properties
2/5       Reads network adapter information
2/5       Executes dropped PE file
2/5       Performs DNS request
2/5       Searches for sensitive browser data
2/5       Searches for sensitive mail data
2/5       Possibly does reconnaissance
2/5       Searches for sensitive application data
2/5       Searches for sensitive FTP data
2/5       Queries OS info via WMI
2/5       Enables process privileges
1/5       Unusual large memory allocation
1/5       Query OS Information
1/5       Enumerates running processes
1/5       Connects to remote host
Spyware
Downloader
wNBUJiNGRmpKkcKl.exe
2026-06-03T15:14:17.905
malicious
Windows Exe (x86-32)
SHA256: 8bdaf0518978a8e22ef684295d5941f2dcec7d50dbf27c6207388d35a9a1c7de
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       SalatStealer configuration was extracted
5/5       Tries to read cached credentials of various applications
5/5       Combination of other detections shows configuration discovery
5/5       Known malicious mutex name is created
5/5       Combination of other detections shows multiple input capture behaviors
4/5       Creates a Process with redirected Input
3/5       Monitors user input
3/5       Takes screenshot
2/5       Suspicious content matched by YARA rules
2/5       Reads network adapter information
2/5       Queries OS info via WMI
2/5       Searches for sensitive browser data
2/5       Reads sensitive browser data
2/5       Collects hardware properties
2/5       Sets up server that accepts incoming connections
2/5       Searches for sensitive application data
1/5       Enumerates running processes
1/5       Creates process with hidden window
1/5       Possibly does reconnaissance
1/5       Accesses Microsoft Security Software registry keys
1/5       Reads system data
1/5       Performs DNS request
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Drops PE file
1/5       Executes dropped PE file
1/5       Timestamp manipulation
1/5       Modifies application directory
1/5       Unusual large memory allocation
Spyware