Threat Feed
2025-07-01_7c5459d09f47d51ef14de87d3b0bf43c_cobalt-strike_poet-rat_sliver_snatch.exe
2025-07-02T00:45:34.760
malicious
Windows Exe (x86-64)
SHA256: 93e8e2fcddb450f32bb4600dce6477930b8ab788503ff0f507493ab6b26bc527
VMRay Threat Identifiers
Severity  Operation
5/5       Modifies content of user files
4/5       Uses a double file extension
4/5       Masks file extension
2/5       Tries to detect application sandbox
1/5       Possibly does reconnaissance
1/5       Installs system startup script or application
1/5       Modifies application directory
1/5       Performs DNS request
1/5       Modifies operating system directory
1/5       Resolves API functions dynamically
1/5       Drops PE file
1/5       Executes dropped PE file
Ransomware
Picasa.exe
2025-07-02T00:45:18.223
malicious
Windows Exe (x86-32)
SHA256: d3878fbce6c13ac76be3dad1f29ef3411b564f97ab035c598f5c6007ef59c373
VMRay Threat Identifiers
Severity  Operation
4/5       Loads a dropped DLL into a system binary
4/5       Event Triggered Execution
3/5       Modifies native system functions
3/5       Suspicious content matched by YARA rules
3/5       Tries to detect the presence of antivirus software
2/5       Schedules task
2/5       Collects hardware properties
2/5       Schedules task via schtasks
2/5       Queries OS version via WMI
1/5       Creates mutex
1/5       Drops PE file
1/5       Enables process privileges
1/5       Tries to connect using an uncommon port
1/5       Modifies operating system directory
1/5       Executes WMI query
1/5       Installs system startup script or application
1/5       Resolves API functions dynamically
1/5       Overwrites code
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Loads a dropped DLL
1/5       Creates process with hidden window
faec5e1b6b7d01d966f2f429c888fe3f.exe
2025-07-02T00:43:56.151
malicious
Windows Exe (x86-64)
SHA256: 910cf4b33561a41deee8f49acbae1ebd49a03939bb7b10a6753580bd3882ba8f
VMRay Threat Identifiers
Severity  Operation
5/5       Modifies content of user files
4/5       Masks file extension
4/5       Uses a double file extension
2/5       Tries to detect application sandbox
1/5       Resolves API functions dynamically
1/5       Drops PE file
1/5       Installs system startup script or application
1/5       Modifies operating system directory
1/5       Modifies application directory
1/5       Performs DNS request
Ransomware
SciTE.exe
2025-07-02T00:39:17.765
malicious
Windows Exe (x86-32)
SHA256: 98b19a84fe3fec6e377bafb6d96a076919724b7a547ff0d8628b5e02bace3712
VMRay Threat Identifiers
Severity  Operation
5/5       njRAT configuration was extracted
5/5       Malicious content matched by YARA rules
4/5       Writes into the memory of another process
4/5       Modifies control flow of another process
2/5       Tries to detect debugger
2/5       Delays execution
2/5       Uses Alternate Data Stream (ADS) file attributes
2/5       Deletes file after execution
2/5       Schedules task
2/5       Schedules task via schtasks
1/5       Resolves API functions dynamically
1/5       Creates mutex
1/5       Creates process with hidden window
1/5       Enumerates running processes
1/5       The binary file was created with a packer
1/5       Executes dropped PE file
1/5       Reads from memory of another process
1/5       Installs system startup script or application
Backdoor
Injector
d439691e24822db47fb84e0bd8731a6510a9bea2f017135d3602715cacb1fd59-dropped.exe
2025-07-02T00:37:57.747
malicious
Windows Exe (x86-32)
SHA256: d439691e24822db47fb84e0bd8731a6510a9bea2f017135d3602715cacb1fd59
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
2/5       Sends control codes to a driver
2/5       Reads network configuration
2/5       Deletes file after execution
2/5       Accesses physical drive
1/5       Creates mutex
1/5       Resolves API functions dynamically
1/5       Overwrites code
1/5       A monitored process crashed
1/5       Drops PE file
1/5       Executes dropped PE file
Hacktool