Threat Feed
TV18gLFemjtUeEtk.html
2026-05-14T10:35:20.632
malicious
HTML Document
SHA256: 8d3bdf6d90b8767e48a448b2425366365c09648318f42a70416ae2d904456e11
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections indicates a phishing website
2/5       The HTML file contains logon form
2/5       Branded Logon form detected via Computer Vision
2/5       Page uses exact same title as that of a popular online service
1/5       Branding image detected via Computer Vision
1/5       Page presents itself as a logon page
Phishing
KQZPo5r8HBTqKuVF.html
2026-05-14T10:30:40.195
malicious
HTML Document
SHA256: 7c2ff45f4fc35c42bbbf885c697e5fb7f003da11deaa4df2243cd1b5d053cb6a
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
2/5       The HTML file contains logon form
1/5       Logon form detected via Computer Vision
1/5       URL contains a TLD highly associated with phishing
1/5       Content matched by YARA rules
1/5       Page contains clickables with luring keywords
Downloader
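The two HTML entries above are flagged by static page heuristics (a logon form, a title copied from a popular service, clickables with luring keywords, a phishing-associated TLD) that only become a 5/5 verdict in combination. The following is an added example written for this page, not VMRay's detection code and not content from either sample: a Python triage pass that implements those checks over two constructed HTML documents. The brand-title, lure-word and TLD lists are illustrative placeholders an operator would maintain, and the weights only loosely follow the feed's 1 to 5 severity scale.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Illustrative operator-maintained lists (assumptions, not VMRay's data).
BRAND_TITLES = {"sign in to your account", "examplemail - sign in"}
LURE_WORDS = {"verify", "confirm", "unlock", "suspended", "urgent", "update"}
PHISH_TLDS = {"top", "xyz", "zip"}


class _Scan(HTMLParser):
    """Collect what the heuristics need: <title> text, whether any <form>
    holds a password field, and the labels of clickable elements."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self.password_form = False
        self.clickables = []
        self._in_title = False
        self._form_depth = 0
        self._label = None  # text buffer while inside <a> or <button>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "form":
            self._form_depth += 1
        elif tag == "input":
            kind = (a.get("type") or "text").lower()
            if kind == "password" and self._form_depth:
                self.password_form = True
            elif kind in ("submit", "button") and a.get("value"):
                self.clickables.append(a["value"])
        elif tag in ("a", "button"):
            self._label = []

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
        elif tag == "form":
            self._form_depth = max(0, self._form_depth - 1)
        elif tag in ("a", "button") and self._label is not None:
            self.clickables.append(" ".join(self._label))
            self._label = None

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        if self._label is not None:
            self._label.append(data.strip())


def triage_html(html, url=None):
    """Return (verdict, hits); hits maps identifier -> severity (1..5)."""
    scan = _Scan()
    scan.feed(html)
    hits = {}
    if scan.password_form:
        hits["The HTML file contains logon form"] = 2
    title = " ".join(scan.title.split()).lower()
    if title in BRAND_TITLES:
        hits["Page uses exact same title as that of a popular online service"] = 2
    if any(w in c.lower() for c in scan.clickables for w in LURE_WORDS):
        hits["Page contains clickables with luring keywords"] = 1
    if url:
        host = (urlsplit(url).hostname or "").lower()
        if host.rsplit(".", 1)[-1] in PHISH_TLDS:
            hits["URL contains a TLD highly associated with phishing"] = 1
    # Every genuine sign-in page has a logon form; the top-severity verdict
    # is the combination of that form with at least one other signal.
    if "The HTML file contains logon form" in hits and len(hits) >= 2:
        verdict = "phishing"
    elif hits:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return verdict, hits


# Constructed sample pages (not the feed's files).
PHISH_HTML = """<html><head><title> Sign in to your account </title></head><body>
<img src="logo.png" alt="ExampleMail">
<form method="post" action="post.php">
  <input type="email" name="u"><input type="password" name="p">
  <input type="submit" value="Verify your account now">
</form>
<a href="#">Unlock suspended mailbox</a></body></html>"""

INTRANET_LOGIN = """<html><head><title>Intranet login</title></head><body>
<form method="post"><input name="u"><input type="password" name="p">
<button>Log in</button></form></body></html>"""

CONTACT_HTML = """<html><head><title>Acme Widgets - Contact</title></head><body>
<form method="post"><textarea name="msg"></textarea><button>Send</button></form>
</body></html>"""

if __name__ == "__main__":
    print(triage_html(PHISH_HTML, "http://login-verify.example.top/"))
    print(triage_html(INTRANET_LOGIN))
    print(triage_html(CONTACT_HTML))
```

The intranet page shows why the logon-form identifier alone stays at 2/5: it returns "suspicious", not "phishing", because nothing else corroborates it. The computer-vision identifiers in the feed (branded logon form, branding image) have no static equivalent here and are deliberately not imitated.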
CHENTAI POUCHEN ID BY SEA NGAY 14052026.js
2026-05-14T10:09:49.284
malicious
JScript
SHA256: 5f9047dc9274d30a2c8fd97f100ff2abfc789b14f90736a27f248856c84ed571
VMRay Threat Identifiers
Severity  Operation
5/5       Agent Tesla configuration was extracted
5/5       Malicious content matched by YARA rules
5/5       Combination of other detections shows configuration discovery
4/5       Process Hollowing
4/5       Reads from memory of another process
4/5       Writes into the memory of another process
4/5       Connects to SMTP server
3/5       Bypasses PowerShell execution policy
3/5       Reads sensitive browser data
3/5       Reads sensitive mail data
3/5       Suspicious content matched by YARA rules
2/5       Enables process privileges
2/5       Searches for sensitive mail data
2/5       Searches for sensitive browser data
2/5       Possibly does reconnaissance
2/5       Searches for sensitive application data
2/5       Searches for sensitive FTP data
2/5       Queries OS info via WMI
2/5       Collects hardware properties
2/5       Reads network adapter information
2/5       Performs DNS request
2/5       Executes PowerShell without default profile
2/5       Executes PowerShell with hidden window
2/5       Installs system startup script or application
1/5       Connects to remote host
1/5       Executes WMI query
1/5       Enumerates running processes
1/5       Content matched by YARA rules
1/5       Accesses Microsoft Security Software registry keys
1/5       Query OS Information
Spyware
Injector
a723QnYENSqftAHd.exe
2026-05-14T09:14:07.528
malicious
Windows Exe (x86-32)
SHA256: 96fe2826bb351f80b9803ee499b7dfcdf6fe624c7750e41bd8d5ef70f5981ee1
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
4/5       Modifies Windows Defender configuration
4/5       Bypasses Windows User Account Control (UAC)
3/5       Executable modifies its own file
2/5       Schedules task
2/5       Creates an unusually large number of processes
2/5       Creates a new process from a system binary
2/5       Suspicious content matched by YARA rules
1/5       Creates process with hidden window
1/5       Enumerates running processes
1/5       Query OS Information
1/5       Content matched by YARA rules
1/5       Enables process privileges
1/5       Installs system startup script or application
1/5       Obfuscates control flow
1/5       Resolves API functions dynamically
1/5       Overwrites code
1/5       Creates mutex
1/5       Modifies application directory
1/5       Writes an unusually large amount of data to the registry
1/5       Modifies operating system directory
Backdoor
WyaCBxZ0bWDKqGzf.exe
2026-05-14T09:12:18.982
malicious
Windows Exe (x86-64)
SHA256: ea322d3cfa3f75ff88ccd6e5a02cee9aae43564e436afc6e287ce45b2a87fa9e
VMRay Threat Identifiers
Severity  Operation
5/5       XWorm configuration was extracted
5/5       Known malicious mutex name is created
5/5       Malicious content matched by YARA rules
3/5       Redirect program startups
2/5       Signed executable failed signature validation
2/5       Reads network adapter information
2/5       Creates a new process from a system binary
2/5       Peripheral Device Discovery
1/5       Content matched by YARA rules
1/5       Drops PE file
1/5       Executes dropped PE file
1/5       Accesses volumes directly
1/5       Creates process with hidden window
1/5       Creates mutex
1/5       Enables process privileges
1/5       Installs system startup script or application
1/5       Modifies application directory
1/5       Checks Internet connection
1/5       Query OS Information
1/5       Performs DNS request
1/5       Connects to remote host
Spyware
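The behaviours listed for the three Windows entries (the Agent Tesla script's PowerShell flags, SMTP connection and cross-process memory write; the a723QnYENSqftAHd.exe sample's Defender tampering and scheduled task; the XWorm sample's dropped-and-executed PE and startup persistence) are observable on an endpoint as well as in the sandbox. The following is an added example written for this page, not VMRay's VTI logic and not code from any of the samples: a Python triage pass over constructed Sysmon-style events (the EventID numbers and field names are Sysmon's real ones; every path, command line and value is made up) that emits findings named after the feed's identifiers. The severities are this example's own weights, loosely following the feed's 1 to 5 scale, and the mail-client allowlist is an illustrative assumption.

```python
import re

# Constructed Sysmon-style events (field names follow Sysmon, values are
# made up): a script host spawning PowerShell, which writes into a .NET
# host that then talks SMTP; a dropped executable that is run, tampers
# with Defender, schedules a task and registers a Run key; plus one benign
# SMTP connection from a mail client as noise.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
NET_HOST = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
DROPPED = r"C:\Users\u\AppData\Roaming\update.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": PS, "ParentImage": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r"powershell.exe -NoP -W Hidden -ExecutionPolicy Bypass -File C:\Users\u\AppData\Local\Temp\s.ps1"},
    {"EventID": 10, "SourceImage": PS, "TargetImage": NET_HOST, "GrantedAccess": "0x1FFFFF"},
    {"EventID": 3, "Image": NET_HOST, "DestinationPort": 587},
    {"EventID": 11, "Image": r"C:\Users\u\Downloads\setup.exe", "TargetFilename": DROPPED},
    {"EventID": 1, "Image": DROPPED, "ParentImage": r"C:\Users\u\Downloads\setup.exe", "CommandLine": "update.exe"},
    {"EventID": 13, "Image": DROPPED, "Details": "DWORD (0x00000001)",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware"},
    {"EventID": 1, "Image": r"C:\Windows\System32\schtasks.exe", "ParentImage": DROPPED,
     "CommandLine": r'schtasks.exe /create /sc minute /mo 1 /tn "update" /tr "C:\Users\u\AppData\Roaming\update.exe"'},
    {"EventID": 13, "Image": DROPPED, "Details": DROPPED,
     "TargetObject": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\update"},
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE", "DestinationPort": 587},
]

SMTP_PORTS = {25, 465, 587}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}  # illustrative allowlist
DEFENDER_KEYS = (r"hklm\software\policies\microsoft\windows defender",
                 r"hklm\software\microsoft\windows defender\exclusions")
PROCESS_VM_WRITE = 0x0020  # bit in Sysmon's GrantedAccess mask
PS_FLAGS = [  # (severity, identifier, pattern over the lowercased command line)
    (3, "Bypasses PowerShell execution policy", re.compile(r"-(?:ep|exec|executionpolicy)\s+bypass")),
    (2, "Executes PowerShell without default profile", re.compile(r"-nop(?:rofile)?\b")),
    (2, "Executes PowerShell with hidden window", re.compile(r"-w(?:indowstyle)?\s+hidden")),
]


def _base(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage_events(events):
    """Return findings as (severity, identifier, evidence), highest first."""
    findings = []
    dropped = {}  # lower-cased path -> image that wrote it (event 11)
    for ev in events:
        eid, img = ev["EventID"], ev.get("Image", "")
        if eid == 1:  # ProcessCreate
            cmd = ev.get("CommandLine", "").lower()
            if _base(img) in ("powershell.exe", "pwsh.exe"):
                for sev, name, rx in PS_FLAGS:
                    if rx.search(cmd):
                        findings.append((sev, name, cmd))
            if _base(img) == "schtasks.exe" and "/create" in cmd:
                findings.append((2, "Schedules task", cmd))
            if img.lower() in dropped:  # event 11 followed by event 1 on the same path
                findings.append((3, "Executes dropped PE file", f"{dropped[img.lower()]} wrote {img}"))
        elif eid == 3:  # NetworkConnect
            port = ev.get("DestinationPort")
            if port in SMTP_PORTS and _base(img) not in MAIL_CLIENTS:
                findings.append((4, "Connects to SMTP server", f"{img} -> tcp/{port}"))
        elif eid == 10:  # ProcessAccess
            if int(ev.get("GrantedAccess", "0"), 16) & PROCESS_VM_WRITE:
                findings.append((4, "Writes into the memory of another process",
                                 f"{ev['SourceImage']} -> {ev['TargetImage']}"))
        elif eid == 11:  # FileCreate; the extension is only a proxy for "is a PE"
            target = ev.get("TargetFilename", "")
            if target.lower().endswith((".exe", ".dll")):
                dropped[target.lower()] = img
                findings.append((1, "Drops PE file", target))
        elif eid == 13:  # RegistryEvent (value set)
            key = ev.get("TargetObject", "").lower()
            if key.startswith(DEFENDER_KEYS):
                findings.append((4, "Modifies Windows Defender configuration", ev["TargetObject"]))
            if "\\currentversion\\run\\" in key:
                findings.append((2, "Installs system startup script or application", ev["TargetObject"]))
    findings.sort(key=lambda f: -f[0])
    return findings


if __name__ == "__main__":
    for sev, name, evidence in triage_events(SAMPLE_EVENTS):
        print(f"{sev}/5  {name}: {evidence}")
```

The sandbox derives these identifiers from API monitoring; on a host the nearest telemetry is event 10 for cross-process memory access (the "Process Hollowing" identifier has no single log line and is approximated by the write into another process), event 13 for the Defender policy and Run keys, and the event 11 then event 1 sequence for a dropped file being executed. The allowlist is what keeps the Outlook connection out of the findings; a stealer that tunnels its exfiltration through a real mail client would need a different rule.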