Threat Feed
http://49.51.43.12/v3/signin/identifier?amp%3Bfollowup=https%3A%2F%2Faccounts.google.com%2F&%3Bifkv=ASKXGp36_CB8HzfrpuLLHTVjXxiUGDwO6Tj8yz4QrsaGyc3I4H4G7NxTTQJtpw0j07g9O5T5Tx4uyQ&%3Bpassive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AcDsRvwTWX7GVY1pTZ6kYUfWcrFFD-YRUvRIekhbaDJHgyUAlOjfX1RzLv5sh-sIXNOw_-vLN0kfvA&dsh=S-1826429090%3A1781795726733788
2026-06-18T16:46:31.023
malicious
URL
SHA256:
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections indicates a phishing website
4/5       Phishing page detected via Machine Learning
2/5       Branded Logon form detected via Computer Vision
2/5       Page uses exact same title as that of a popular online service
2/5       Unsecured data
1/5       Content matched by YARA rules
1/5       Branding image detected via Computer Vision
1/5       Page presents itself as a logon page
Phishing
http://49.51.43.12/v3/signin/identifier?amp%3Bfollowup=https%3A%2F%2Faccounts.google.com%2F&%3Bifkv=AQMjQ7QyROPzn0qaqnYvX4_aw7qH8RajahyDV4UI8mo2Mw7SaNi-z6QQG4MH4pDlzJ2gDPTt_nm2&%3Bpassive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AcDsRvwzzl4AfXeqbBVTXMzShu846TbLLmW0OkT033j8MynWFrLBWHlvnWshJqRvYU1oZGAn7b4HFA&dsh=S755521412%3A1781795746719711
2026-06-18T16:41:27.738
malicious
URL
SHA256:
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections indicates a phishing website
4/5       Phishing page detected via Machine Learning
2/5       Branded Logon form detected via Computer Vision
2/5       Page uses exact same title as that of a popular online service
1/5       Content matched by YARA rules
1/5       Page presents itself as a logon page
1/5       HTTPS page insecurely loads resources via HTTP
1/5       Branding image detected via Computer Vision
Phishing
file.exe
2026-06-18T16:10:05.309
malicious
Windows Exe (x86-64)
SHA256: b424d821f8772824e213bbf9de9e6a431ac634107020689b46995e6bcdcc6232
VMRay Threat Identifiers
Severity  Operation
5/5       Makes indirect system calls to hide process injection
4/5       Makes indirect system call to possibly evade hooking based monitoring
4/5       Monitors clipboard content
4/5       Writes into the memory of another process
4/5       Modifies control flow of another process
3/5       Captures clipboard data
2/5       Delays execution
2/5       Creates a new process from a system binary
1/5       Drops PE file
1/5       Executes dropped PE file
1/5       Resolves API functions dynamically
1/5       Enumerates running processes
1/5       Creates a page with write and execute permissions
1/5       Creates process with hidden window
1/5       Creates mutex
1/5       Installs system startup script or application
Keylogger
Injector
file.exe
2026-06-18T15:53:27.921
malicious
Windows Exe (x86-64)
SHA256: 59d181abf742f564d5b94f4e433edc983774308bddd0ceb6f4e7caf42601ed12
VMRay Threat Identifiers
Severity  Operation
5/5       Tries to read cached credentials of various applications
5/5       Malicious content matched by YARA rules
5/5       Combination of other detections shows multiple input capture behaviors
3/5       Takes screenshot
3/5       Uses HTTP to upload a large amount of data
3/5       Tries to evade debugger
3/5       Reads installed applications
2/5       Dead Drop Resolver
2/5       Searches for sensitive FTP data
2/5       Searches for sensitive browser data
2/5       Searches for sensitive application data
2/5       Searches for cryptocurrency wallet locations
2/5       Reads sensitive browser data
2/5       Searches for sensitive mail data
2/5       Suspicious content matched by YARA rules
1/5       Enables process privileges
1/5       Enumerates running processes
1/5       Tries to detect debugger
1/5       Creates mutex
1/5       Query OS Information
1/5       Query CPU Properties
1/5       Unusual large memory allocation
1/5       Resolves API functions dynamically
Spyware
MV TBN discharge used rail 27000mt at Dalian Port information EPDA.exe
2026-06-18T15:53:04.503
malicious
Windows Exe (x86-32)
SHA256: c263ac4338a05f8a8eac1a2eafb0ea4fac59c5c012a59b927c77dd41fd3536bb
VMRay Threat Identifiers
Severity  Operation
5/5       Tries to read cached credentials of various applications
5/5       Combination of other detections shows multiple input capture behaviors
5/5       PhantomStealer configuration was extracted
5/5       Malicious content matched by YARA rules
4/5       Process Hollowing
4/5       Injected process sets up server that accepts incoming connections
4/5       Modifies Windows Defender configuration
4/5       Malicious content matched by YARA rules
3/5       Monitors keyboard input
3/5       Tries to detect the presence of antivirus software
3/5       Takes screenshot
3/5       Suspicious content matched by YARA rules
3/5       Bypasses PowerShell execution policy
2/5       Connects to SMTP server
2/5       Queries OS info via WMI
2/5       Suspicious content matched by YARA rules
2/5       Modifies control flow of a process started from a created or modified executable
2/5       Executes PowerShell without default profile
2/5       Executes PowerShell with hidden window
2/5       Reads sensitive mail data
2/5       Searches for sensitive browser data
2/5       Searches for sensitive mail data
2/5       Collects hardware properties
1/5       Executes WMI query
1/5       Creates process with hidden window
1/5       Installs system startup script or application
1/5       Reads from memory of another process
1/5       Possibly does reconnaissance
1/5       Creates a page with write and execute permissions
1/5       Query OS Information
1/5       Enables process privileges
1/5       Creates mutex
1/5       Accesses Microsoft Security Software registry keys
1/5       Enumerates running processes
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Checks external IP address
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
Spyware
Backdoor
Injector