Threat Feed
GSK4CzbZ8sjwsmDy.exe
2026-07-01T20:24:31.899
malicious
Windows Exe (x86-32)
SHA256: bda169677085a603b1cf06c775e1d87d65ec9450b7d8c14cad3164f0385cb2ce
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
5/5  njRAT configuration was extracted
2/5  Modifies Windows Firewall configuration
2/5  Queries OS info via WMI
1/5  Installs system startup script or application
1/5  Performs DNS request
1/5  Connects to remote host
1/5  Tries to connect using an uncommon port
1/5  Obfuscates control flow
1/5  Resolves API functions dynamically
1/5  Creates mutex
1/5  Monitors keyboard input
1/5  Query OS Information
1/5  Enables process privileges
1/5  Creates process with hidden window
Backdoor
RFQ_Solicitaçao de cotaçao - VALVEPRESS_819011530.JS
2026-07-01T20:15:30.638
malicious
JScript
SHA256: aae1ae0a63590018e0f780062959aecbf8b42a6dbafc45cc481edfa6fcbb4bfe
VMRay Threat Identifiers
Severity  Operation
5/5  Combination of other detections shows multiple input capture behaviors
5/5  Sets up server that accepts incoming connections
5/5  Tries to read cached credentials of various applications
5/5  Malicious content matched by YARA rules
4/5  Tries to detect the presence of antivirus software
3/5  Reads sensitive mail data
3/5  Takes screenshot
3/5  Performs DNS request for known DDNS domain
2/5  Searches for sensitive mail data
2/5  Performs DNS request
2/5  Reads network adapter information
2/5  Enables process privileges
2/5  Searches for sensitive application data
2/5  Searches for sensitive FTP data
2/5  Suspicious content matched by YARA rules
2/5  Possibly does reconnaissance
2/5  Executes dropped PE file
2/5  Tries to detect debugger
2/5  Queries OS info via WMI
2/5  Searches for cryptocurrency wallet locations
2/5  Searches for sensitive browser data
1/5  Query OS Information
1/5  Uses encryption API
1/5  Enumerates running processes
1/5  Connects to remote host
1/5  Content matched by YARA rules
1/5  Unusual large memory allocation
1/5  Creates mutex
1/5  Queries system time
Spyware
Backdoor
Downloader
clM3cLPU1yrEnCiO.exe
2026-07-01T20:14:47.699
malicious
Windows Exe (x86-32)
SHA256: 0bb458dbc030669e76188d25fa7421c2dd688497602066db440f6463405d4637
VMRay Threat Identifiers
Severity  Operation
5/5  UmbralStealer configuration was extracted
5/5  Malicious content matched by YARA rules
5/5  Tries to read cached credentials of various applications
4/5  Modifies Windows Defender configuration
4/5  Blocks network connection to security products
4/5  Malicious content matched by YARA rules
3/5  Takes screenshot
3/5  Suspicious content matched by YARA rules
3/5  Classifies external IP address
2/5  Deletes file after execution
2/5  Reads network adapter information
2/5  Collects hardware properties
2/5  Hides files
2/5  Reads network configuration
2/5  Searches for sensitive browser data
2/5  Searches for cryptocurrency wallet locations
2/5  Queries OS info via WMI
2/5  Sets up server that accepts incoming connections
2/5  Suspicious content matched by YARA rules
1/5  Connects to remote host
1/5  Timestamp manipulation
1/5  Checks external IP address
1/5  Content matched by YARA rules
1/5  Modifies operating system directory
1/5  Creates mutex
1/5  Installs system startup script or application
1/5  Accesses Microsoft Security Software registry keys
1/5  Enumerates running processes
1/5  Creates process with hidden window
1/5  Drops PE file
1/5  Enables process privileges
1/5  Executes dropped PE file
1/5  Query OS Information
1/5  Queries system time
1/5  Performs DNS request
Spyware
1zWy6xxxuM2feNnR.exe
2026-07-01T20:02:03.805
malicious
Windows Exe (x86-32)
SHA256: 9df581a6de7e02d2472fe55adb8d2100ee69c1827827da260f2f33792582e67e
VMRay Threat Identifiers
Severity  Operation
5/5  UmbralStealer configuration was extracted
5/5  Malicious content matched by YARA rules
5/5  Tries to read cached credentials of various applications
4/5  Modifies Windows Defender configuration
4/5  Malicious content matched by YARA rules
4/5  Blocks network connection to security products
3/5  Suspicious content matched by YARA rules
3/5  Takes screenshot
3/5  Classifies external IP address
2/5  Sets up server that accepts incoming connections
2/5  Reads network adapter information
2/5  Reads network configuration
2/5  Hides files
2/5  Suspicious content matched by YARA rules
2/5  Searches for sensitive browser data
2/5  Searches for cryptocurrency wallet locations
2/5  Executes dropped PE masquerading Filename
2/5  Queries OS info via WMI
2/5  Collects hardware properties
1/5  Performs DNS request
1/5  Creates mutex
1/5  Query OS Information
1/5  Enables process privileges
1/5  Creates process with hidden window
1/5  Enumerates running processes
1/5  Accesses Microsoft Security Software registry keys
1/5  Installs system startup script or application
1/5  Modifies operating system directory
1/5  Queries system time
1/5  Connects to remote host
1/5  Checks external IP address
1/5  Content matched by YARA rules
1/5  Drops PE file
1/5  Executes dropped PE file
1/5  Timestamp manipulation
Spyware
7lLFFYQmdy0kxGGp.exe
2026-07-01T20:01:34.190
malicious
Windows Exe (x86-32)
SHA256: 428311a91d99fbb00058254b041cae1c82a8141bd7e5201be81b86f0553dddaa
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
3/5  Tries to evade debugger
3/5  Modifies native system functions
2/5  Tries to detect kernel debugger
2/5  Tries to detect virtual machine
1/5  Queries system time
1/5  Drops PE file
1/5  Executes dropped PE file
1/5  Enumerates running processes
1/5  Tries to detect debugger
Trojan