Threat Feed
SecuriteInfo.com.Win64.Evo-gen.24414153.exe
2026-03-05T20:45:41.505
malicious
Windows Exe (x86-64)
SHA256: 829fb4af3d264a5b35fdc45b4420d6c94fc833fa5323cb4b958f40753bb62d62
VMRay Threat Identifiers
Severity  Operation
5/5       Tries to read cached credentials of various applications
5/5       Vidar configuration was extracted
5/5       Malicious content matched by YARA rules
4/5       Malicious content matched by YARA rules
4/5       Makes indirect system call to possibly evade hooking based monitoring
3/5       Reads installed applications
3/5       Uses HTTP to upload a large amount of data
2/5       Allows invalid SSL certificates
2/5       Deletes file after execution
2/5       Tries to detect virtual machine
2/5       Dead Drop Resolver
2/5       Searches for sensitive browser data
2/5       Searches for sensitive mail data
2/5       Searches for sensitive application data
2/5       Reads sensitive mail data
1/5       Reads system data
1/5       Enumerates running processes
1/5       Drops PE file
1/5       Executes dropped PE file
1/5       Creates a page with write and execute permissions
1/5       Creates process with hidden window
1/5       Downloads executable
1/5       Tries to detect debugger
1/5       Query CPU Properties
1/5       Query OS Information
1/5       Possibly does reconnaissance
1/5       Resolves API functions dynamically
Spyware
Downloader
Stealer
RfsbTktNraIadwiF.exe
2026-03-05T20:29:03.997
malicious
Windows Exe (x86-32)
SHA256: b4a489c4c3abc9baff0a9456da2e16cae14dbd0f90968990444a0a969cf627f0
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Combination of other detections shows multiple input capture behaviors
5/5       Remcos configuration was extracted
4/5       Obscures a file's origin
4/5       Process Hollowing
4/5       Creates elevated child process
4/5       Monitors clipboard content
3/5       Captures clipboard data
3/5       All network connection attempts failed
3/5       Monitors keyboard input
3/5       Monitors user input
2/5       Searches for sensitive browser data
2/5       Signed executable failed signature validation
2/5       Delays execution
2/5       Modifies control flow of a process started from a created or modified executable
2/5       Deletes file after execution
1/5       Enables process privileges
1/5       Drops PE file
1/5       Creates process with hidden window
1/5       Reads from memory of another process
1/5       Executes dropped PE file
1/5       Creates a page with write and execute permissions
1/5       Creates mutex
1/5       Query OS Information
1/5       Installs system startup script or application
1/5       Connects to remote host
1/5       Tries to connect using an uncommon port
1/5       Content matched by YARA rules
1/5       Enumerates running processes
Spyware
Backdoor
Keylogger
Injector
o2BTb0vm23LYSI7D.exe
2026-03-05T20:27:41.157
malicious
Windows Exe (x86-32)
SHA256: 878c2c1b2ef7c2bb737f6680d32b275e1327deaf318ffc800a020daa7866719a
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows multiple input capture behaviors
5/5       Remcos configuration was extracted
5/5       Malicious content matched by YARA rules
4/5       Monitors clipboard content
3/5       Deletes file after execution
3/5       Suspicious content matched by YARA rules
3/5       Performs DNS request for known DDNS domain
3/5       Monitors keyboard input
3/5       Captures clipboard data
3/5       Monitors user input
2/5       Deletes file after execution
2/5       Tries to detect application sandbox
2/5       Delays execution
2/5       Schedules task
2/5       Schedules task via schtasks
1/5       Drops PE file
1/5       Tries to detect debugger
1/5       Creates process with hidden window
1/5       Enumerates running processes
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Tries to connect using an uncommon port
1/5       Resolves API functions dynamically
1/5       Unusual large memory allocation
1/5       Executes dropped PE file
1/5       Creates a page with write and execute permissions
1/5       Creates mutex
1/5       Query OS Information
Spyware
Backdoor
Keylogger
0749f54e08134cd9116bc19a070df0e7.exe
2026-03-05T20:19:07.237
malicious
Windows Exe (x86-64)
SHA256: ac88b82ebc65a8285c993396560c30fbb9d16c260e026e25eb036e028764e013
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       ValleyRAT configuration was extracted
3/5       Suspicious content matched by YARA rules
2/5       Delays execution
2/5       Creates a new process from a system binary
1/5       Writes an unusually large amount of data to the registry
1/5       Content matched by YARA rules
1/5       Query OS Information
1/5       Collects hardware properties
1/5       Resolves API functions dynamically
1/5       Creates mutex
1/5       Enumerates running processes
1/5       Creates process with hidden window
1/5       Creates a page with write and execute permissions
1/5       Connects to remote host
1/5       Tries to connect using an uncommon port
Backdoor
Zamówienie 14469 03_03_2026 GT Narzędzia.JS
2026-03-05T20:14:04.673
malicious
JScript
SHA256: 45ad5895d1c7e092920f20b4a6ef6dffc9faa44a71577b7d10ed44aea2ad74a4
VMRay Threat Identifiers
Severity  Operation
5/5       Sets up server that accepts incoming connections
5/5       Combination of other detections shows multiple input capture behaviors
5/5       Tries to read cached credentials of various applications
4/5       Tries to detect the presence of antivirus software
4/5       Executes encoded PowerShell command
3/5       Reads sensitive mail data
3/5       Takes screenshot
2/5       Tries to connect using an uncommon port
2/5       Searches for sensitive application data
2/5       Executes PowerShell without default profile
2/5       Searches for sensitive mail data
2/5       Searches for sensitive browser data
2/5       Possibly does reconnaissance
2/5       Queries OS info via WMI
2/5       Downloads file
1/5       Content matched by YARA rules
1/5       Uses encryption API
1/5       Connects to remote host
1/5       Query OS Information
Spyware
Backdoor