Threat Feed
PDdwkmbhJuNEXtfW.exe
2026-05-24T17:24:03.451
malicious
Windows Exe (x86-32)
SHA256: d9af261e2d79a7e6a13a86cda68e50f267129695ae2abb5ba92df720ac32a0b7
VMRay Threat Identifiers
Severity  Operation
5/5       Amadey configuration was extracted
5/5       Malicious content matched by YARA rules
4/5       Writes into the memory of another process
4/5       Modifies control flow of another process
4/5       DLL Hollowing
3/5       Tries to detect the presence of antivirus software
3/5       Makes direct system calls to hide process injection
2/5       Signed executable failed signature validation
2/5       Queries a host's domain name
2/5       Process Hollowing
2/5       Delays execution
2/5       Creates a new process from a system binary
2/5       Makes direct system call to possibly evade hooking based monitoring
1/5       Creates process with hidden window
1/5       Reloads native system libraries
1/5       Creates mutex
1/5       Resolves API functions dynamically
1/5       Overwrites code
1/5       Enumerates running processes
Downloader, Injector
5MQITXyG3ScBUbHz.exe
2026-05-24T17:17:57.831
malicious
Windows Exe (x86-64)
SHA256: 305eb4c2725ab366118b11e67c91f9e793469a17218f78436f71d582a78ed81c
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       IcedID configuration was extracted
3/5       All network connection attempts failed
3/5       Suspicious content matched by YARA rules
2/5       Delays execution
1/5       Enumerates running processes
Downloader
cHcGljxvb6aEMPHv.exe
2026-05-24T17:15:23.183
malicious
Windows Exe (x86-32)
SHA256: dc5f5589f8a8bd46bc1ffaf8d8c01aebb21473abd1c028e145f49e64b45c4942
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       njRAT configuration was extracted
3/5       All network connection attempts failed
2/5       Modifies Windows Firewall configuration
2/5       Deletes file after execution
1/5       Monitors keyboard input
1/5       Performs DNS request
1/5       Obfuscates control flow
1/5       Creates mutex
1/5       Enables process privileges
1/5       Enumerates running processes
1/5       Creates process with hidden window
1/5       Installs system startup script or application
1/5       Query OS Information
Backdoor
Documentos.xlsx (~804 KB).exe
2026-05-24T17:14:11.406
malicious
Windows Exe (x86-32)
SHA256: fdb7456a43bc3c0296c18043bf32f21b8a29d099f91fb690a6816d202d6ad51a
VMRay Threat Identifiers
Severity  Operation
5/5       Tries to read cached credentials of various applications
5/5       Malicious content matched by YARA rules
5/5       Agent Tesla configuration was extracted
4/5       Writes into the memory of another process
4/5       Modifies control flow of another process
4/5       Injected process sets up server that accepts incoming connections
4/5       Process Hollowing
3/5       Obscures a file's origin
2/5       Searches for sensitive FTP data
2/5       Queries OS info via WMI
2/5       Collects hardware properties
2/5       Searches for sensitive mail data
2/5       Reads sensitive browser data
2/5       Reads sensitive mail data
2/5       Searches for sensitive application data
2/5       Searches for sensitive browser data
1/5       Resolves API functions dynamically
1/5       Enables process privileges
1/5       Query OS Information
1/5       Creates a page with write and execute permissions
1/5       Reads from memory of another process
1/5       Creates process with hidden window
1/5       Possibly does reconnaissance
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Tries to connect using an uncommon port
1/5       Content matched by YARA rules
1/5       Enumerates running processes
1/5       Obfuscates control flow
Spyware, Backdoor, Injector
https://telstradat.weebly.com
2026-05-24T17:12:52.637
malicious
URL
SHA256:
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
2/5       Page is served from a service commonly used for temporary hosting
1/5       Logon form detected via Computer Vision
1/5       Resource is loaded from a service commonly used for temporary hosting
1/5       Communicates via JSON RPC protocol
1/5       Content matched by YARA rules
Phishing