Threat Feed
k5XBSXOEdq4t7k0Q.exe
2026-06-14T13:57:39.605
malicious
Windows Exe (x86-32)
SHA256: 3078d36c59a0d98ca521210fb373c51cc72ebc36584a223664ff6e32095f4ca6
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
4/5       Modifies Windows Defender configuration
3/5       Monitors keyboard input
3/5       Bypasses PowerShell execution policy
2/5       Schedules task
2/5       Deletes file after execution
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Tries to connect using an uncommon port
1/5       Drops PE file
1/5       Creates mutex
1/5       Executes dropped PE file
1/5       Enables process privileges
1/5       Creates process with hidden window
1/5       Installs system startup script or application
1/5       Enumerates running processes
1/5       Accesses Microsoft Security Software registry keys
Spyware
Downloader
nkbD0NPeXgBsAF2H.exe
2026-06-14T13:57:15.852
malicious
Windows Exe (x86-32)
SHA256: 68212eed6b568bb7181da467651a958fe0174ebeadcee9428e13bdd2689ddc2c
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
3/5       All network connection attempts failed
3/5       Suspicious content matched by YARA rules
2/5       Hides files
1/5       Content matched by YARA rules
1/5       Creates mutex
1/5       Modifies application directory
1/5       Resolves API functions dynamically
1/5       Creates an unusually large number of files
1/5       A monitored process crashed
1/5       Drops PE file
1/5       Possibly does reconnaissance
Hacktool
JnGp0oWietngsiZ7
2026-06-14T13:56:25.891
malicious
Linux ELF Executable (x86-64)
SHA256: 88d028a54a136782982817d1d93c89b075b7f04897b0c0681311add7c8712eb6
VMRay Threat Identifiers
Severity  Operation
5/5       Mirai configuration was extracted
5/5       Malicious content matched by YARA rules
3/5       Reads bash history
2/5       Delays execution
2/5       Sets up server that accepts incoming connections
2/5       Schedules task with Cron
2/5       Disables a system tool
2/5       Deletes file after execution
2/5       Enumerates running processes
1/5       Connects to remote host
1/5       Drops ELF file
1/5       Tries to connect using an uncommon port
Bot
app_softwae8635208.exe
2026-06-14T13:51:48.786
malicious
Windows Exe (x86-64)
SHA256: b60b5c0b253ff96a2978c5b65d406d244aa516118fb2c6dfeaf54fb91863e57e
VMRay Threat Identifiers
Severity  Operation
4/5       Masks file extension
4/5       Writes into the memory of another process
3/5       Executes code with kernel privileges
3/5       Modifies native system functions
2/5       Creates an unusually large number of processes
2/5       Sends control codes to a driver
2/5       Tries to detect virtual machine
2/5       Makes direct system call to possibly evade hooking based monitoring
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       A monitored process crashed
1/5       Drops PE file
1/5       Loads a dropped DLL
1/5       Creates a page with write and execute permissions
1/5       Executes dropped PE file
1/5       Creates mutex
1/5       Enumerates running processes
1/5       Creates process with hidden window
1/5       Modifies operating system directory
1/5       Installs system startup script or application
1/5       Reads from memory of another process
1/5       Downloads file
Injector
app_softwae8635208.exe
2026-06-14T13:51:15.546
malicious
Windows Exe (x86-64)
SHA256: d37279f2c9c7be655035f2868ab8f380e38c48757c65969f8b121dc4d04339a0
VMRay Threat Identifiers
Severity  Operation
4/5       Masks file extension
4/5       Writes into the memory of another process
3/5       Executes code with kernel privileges
3/5       Modifies native system functions
2/5       Tries to detect virtual machine
2/5       Makes direct system call to possibly evade hooking based monitoring
2/5       Sends control codes to a driver
2/5       Creates an unusually large number of processes
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Drops PE file
1/5       Loads a dropped DLL
1/5       Creates a page with write and execute permissions
1/5       Executes dropped PE file
1/5       Modifies operating system directory
1/5       Creates mutex
1/5       Enumerates running processes
1/5       Creates process with hidden window
1/5       Installs system startup script or application
1/5       Reads from memory of another process
1/5       Downloads file
Injector