Threat Feed | Online Malware Sandbox

Shell Script

zte.sh

malicious

SHA256: 997cb6e36a629231bb6e9104cf9624bc9b931c2545528933b8104ffc43b7a31d

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

3/5

Creates an unusually large number of processes

2/5

Tries to execute downloaded binary of different architecture than the host

2/5

Downloads file

1/5

Connects to remote host

Downloader

aws.sh

2026-02-08T20:39:56.212

Shell Script

aws.sh

malicious

SHA256: 3af62e91f15727fe05aa709717357021d3d78a36e09d37e8a5f8b9ec7e9c8b64

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

3/5

Creates an unusually large number of processes

2/5

Tries to execute downloaded binary of different architecture than the host

2/5

Downloads file

1/5

Connects to remote host

Downloader

pxvxShejPD2Q6BSp.exe

2026-02-08T20:36:42.586

Windows Exe (x86-32)

pxvxShejPD2Q6BSp.exe

malicious

SHA256: 6872d50f7c6b714a64bf9421910c752a1b4243d17996adeb181893d7de7d51bb

VMRay Threat Identifiers

Severity

Operation

5/5

UmbralStealer configuration was extracted

5/5

Malicious content matched by YARA rules

5/5

Tries to read cached credentials of various applications

4/5

Modifies Windows Defender configuration

4/5

Malicious content matched by YARA rules

3/5

Deletes file after execution

3/5

Takes screenshot

3/5

Suspicious content matched by YARA rules

2/5

Sets up server that accepts incoming connections

2/5

Suspicious content matched by YARA rules

2/5

Queries OS info via WMI

2/5

Collects hardware properties

2/5

Deletes file after execution

2/5

Reads sensitive browser data

2/5

Searches for sensitive browser data

2/5

Hides files

1/5

Enumerates running processes

1/5

Query OS Information

1/5

Creates process with hidden window

1/5

Enables process privileges

1/5

Checks external IP address

1/5

Performs DNS request

1/5

Connects to remote host

1/5

Creates mutex

Spyware

xzNUty3e1mL4p3tS.exe

2026-02-08T20:35:51.275

Windows Exe (x86-32)

xzNUty3e1mL4p3tS.exe

malicious

SHA256: ccae5816318a2e8d710f1aacb2c0ebb65f42c4dacdf20d87a4197b9a1e9b17a5

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

5/5

Remcos configuration was extracted

5/5

Combination of other detections shows multiple input capture behaviors

3/5

Monitors keyboard input

3/5

Captures clipboard data

1/5

A monitored process crashed

1/5

Creates mutex

1/5

Query OS Information

Spyware

Backdoor

zyxel.sh

2026-02-08T20:35:41.229

Shell Script

zyxel.sh

malicious

SHA256: c4c8aec9c49a19753985b1160a76015247abca2f1075a0b9f2633dc0fe92b8ca

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

3/5

Creates an unusually large number of processes

2/5

Tries to execute downloaded binary of different architecture than the host

2/5

Downloads file

1/5

Connects to remote host

Downloader