Threat Feed
assailant
2026-06-20T16:48:50.836
malicious
Linux ELF Executable (x86-64)
SHA256:
1ddcdf43d533e234a560a9625c33d5692bd403de65537acfe554427de1ace988
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Gafgyt configuration was extracted
3/5       All network connection attempts failed
2/5       Delays execution
1/5       Connects to remote host
1/5       Tries to connect using an uncommon port
Trojan
Bot
file.exe
2026-06-20T16:45:29.510
malicious
Windows Exe (x86-64)
SHA256:
0dcbe5afb17831300599e9cdc3c8a655c1380c86a1562db04fec664677a50e20
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Tries to read cached credentials of various applications
3/5       Reads installed applications
3/5       Tries to evade debugger
3/5       Uses HTTP to upload a large amount of data
2/5       Searches for sensitive browser data
2/5       Searches for cryptocurrency wallet locations
2/5       Searches for sensitive mail data
2/5       Reads sensitive browser data
2/5       Searches for sensitive FTP data
2/5       Searches for sensitive application data
2/5       Dead Drop Resolver
2/5       Suspicious content matched by YARA rules
1/5       Creates mutex
1/5       Tries to detect debugger
1/5       Enumerates running processes
1/5       Query OS Information
1/5       Query CPU Properties
1/5       Unusual large memory allocation
1/5       Enables process privileges
1/5       Resolves API functions dynamically
Spyware
Vmlyjlrir.exe
2026-06-20T16:44:51.879
malicious
Windows Exe (x86-32)
SHA256:
afa807cee34e8b931688ccf2be76b7ea5337af3d64714a348bead839c756643a
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows multiple input capture behaviors
4/5       Writes into the memory of another process
4/5       Process Hollowing
4/5       Modifies control flow of another process
3/5       Takes screenshot
3/5       Tries to detect the presence of antivirus software
2/5       Searches for sensitive browser data
2/5       Queries OS info via WMI
2/5       Collects hardware properties
2/5       Tries to detect debugger
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Unusual large memory allocation
1/5       Creates a page with write and execute permissions
1/5       Enables process privileges
1/5       Enumerates running processes
1/5       Creates mutex
1/5       Creates process with hidden window
1/5       Query OS Information
1/5       Possibly does reconnaissance
1/5       Reads from memory of another process
1/5       Connects to remote host
1/5       Tries to connect using an uncommon port
Spyware
Injector
Kshwxb.dll
2026-06-20T16:42:53.213
malicious
Windows DLL (x86-32)
SHA256:
5ba5dbab575a73dde2dfb27e53f91512e7242e1de95aeaba69fe20f68d325421
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows multiple input capture behaviors
4/5       Modifies control flow of another process
4/5       Writes into the memory of another process
4/5       Process Hollowing
3/5       Takes screenshot
3/5       Tries to detect the presence of antivirus software
2/5       Collects hardware properties
2/5       Queries OS info via WMI
2/5       Searches for sensitive browser data
2/5       Searches for cryptocurrency wallet locations
2/5       Delays execution
2/5       Tries to detect debugger
1/5       Possibly does reconnaissance
1/5       Enables process privileges
1/5       Reads from memory of another process
1/5       Creates a page with write and execute permissions
1/5       Creates process with hidden window
1/5       Connects to remote host
1/5       Tries to connect using an uncommon port
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Unusual large memory allocation
1/5       Enumerates running processes
1/5       Creates mutex
1/5       Query OS Information
Spyware
Injector
Unicore.exe
2026-06-20T16:42:21.480
malicious
Windows Exe (x86-32)
SHA256:
89a9dfb74bf31b40951bac672cd108db9c7c4cbdcf282d1f29e8049d3b4b47d7
VMRay Threat Identifiers
Severity  Operation
5/5       Known malicious mutex name is created
5/5       SalatStealer configuration was extracted
5/5       Combination of other detections shows configuration discovery
5/5       Malicious content matched by YARA rules
5/5       Tries to read cached credentials of various applications
3/5       Takes screenshot
2/5       Searches for cryptocurrency wallet locations
2/5       Searches for sensitive browser data
2/5       Collects hardware properties
2/5       Queries OS info via WMI
2/5       Delays execution
2/5       Reads network adapter information
2/5       Searches for sensitive application data
2/5       Sets up server that accepts incoming connections
2/5       Suspicious content matched by YARA rules
2/5       Makes direct system call to possibly evade hooking based monitoring
2/5       Schedules task
1/5       Content matched by YARA rules
1/5       Creates process with hidden window
1/5       Possibly does reconnaissance
1/5       Resolves API functions dynamically
1/5       Reads system data
1/5       Enumerates running processes
1/5       Unusual large memory allocation
1/5       Accesses Microsoft Security Software registry keys
1/5       Performs DNS request
1/5       Modifies application directory
Spyware