Threat Feed

ZFEg4Ra.exe
2026-02-07T19:52:58.907
Verdict: malicious
File type: Windows Exe (x86-32)
SHA256: 0ddd1f0d9a8a47a0e8a442dce6950ad1ae76633e4788110d0fc06ca1b754f6d3
VMRay Threat Identifiers (severity / operation):
5/5  AsyncRAT configuration was extracted
5/5  Malicious content matched by YARA rules
3/5  Tries to detect the presence of antivirus software
3/5  Performs DNS request for known DDNS domain
2/5  Queries OS info via WMI
1/5  Connects to remote host
1/5  Creates mutex
1/5  Tries to connect using an uncommon port
1/5  Query OS Information
1/5  Resolves API functions dynamically
1/5  Enables process privileges
1/5  Performs DNS request
Classification: Backdoor

eWQB8iX.exe
2026-02-07T19:51:51.960
Verdict: malicious
File type: Windows Exe (x86-64)
SHA256: 410863d42dec8855da40cbe8f3039888f84b575bab2b20dcc4ef2e8e2653f6dc
VMRay Threat Identifiers (severity / operation):
5/5  Combination of other detections shows multiple input capture behaviors
3/5  Takes screenshot
3/5  Tries to detect the presence of antivirus software
3/5  Captures clipboard data
2/5  Collects hardware properties
2/5  Queries OS info via WMI
2/5  Makes direct system call to possibly evade hooking based monitoring
2/5  Queries a host's domain name
1/5  Enumerates running processes
1/5  Tries to connect using an uncommon port
1/5  Resolves API functions dynamically
1/5  Query Firmware Information
1/5  Creates a page with write and execute permissions
Classification: Spyware

catgirl.x86_64
2026-02-07T19:41:44.061
Verdict: malicious
File type: Linux ELF Executable (x86-64)
SHA256: ebdd79ea6d99bacd88500f20a327885d1eb24a4e19b9d0289d6e9ef1db434490
VMRay Threat Identifiers (severity / operation):
5/5  Reads ssh keys
2/5  Checks for existence of ssh keys
2/5  Schedules task with Cron
2/5  Deletes file after execution
1/5  Connects to remote host
1/5  Tries to connect using an uncommon port

4Ce4EK7i4EsHZtTK.exe
2026-02-07T19:24:13.603
Verdict: malicious
File type: Windows Exe (x86-32)
SHA256: 1bec2b03944d2db172002c0e9bd69bc53ff93da50c0adbbd28e9e047846e3a4e
VMRay Threat Identifiers (severity / operation):
5/5  Combination of other detections shows multiple input capture behaviors
5/5  Lumma configuration was extracted
5/5  Malicious content matched by YARA rules
4/5  Makes indirect system call to possibly evade hooking based monitoring
3/5  Takes screenshot
3/5  Tries to detect the presence of antivirus software
3/5  Captures clipboard data
2/5  Queries OS info via WMI
2/5  Collects hardware properties
2/5  Searches for sensitive browser data
2/5  Searches for sensitive application data
2/5  Searches for sensitive mail data
1/5  Possibly does reconnaissance
1/5  Resolves API functions dynamically
1/5  Creates a page with write and execute permissions
1/5  Enumerates running processes
1/5  Creates mutex
1/5  Downloads file
Classification: Spyware

mxKRp6fRVSE3g7QJ.exe
2026-02-07T18:53:19.210
Verdict: malicious
File type: Windows Exe (x86-64)
SHA256: 1e94ca110fd8188c2ccf25b7c0ba49b5ba93e6e3d775c9198961dfbec730f369
VMRay Threat Identifiers (severity / operation):
5/5  Combination of other detections shows multiple input capture behaviors
5/5  Malicious content matched by YARA rules
5/5  Tries to read cached credentials of various applications
5/5  Vidar configuration was extracted
4/5  Modifies control flow of another process
4/5  Writes into the memory of another process
4/5  Malicious content matched by YARA rules
3/5  Reads installed applications
3/5  Deletes file after execution
3/5  Takes screenshot
3/5  Uses HTTP to upload a large amount of data
2/5  Tries to detect application sandbox
2/5  Delays execution
2/5  Searches for sensitive browser data
2/5  Searches for sensitive mail data
2/5  Deletes file after execution
2/5  Tries to detect virtual machine
2/5  Suspicious content matched by YARA rules
2/5  Reads sensitive browser data
2/5  Allows invalid SSL certificates
1/5  Possibly does reconnaissance
1/5  Tries to detect debugger
1/5  Resolves API functions dynamically
1/5  Overwrites code
1/5  Enumerates running processes
1/5  A monitored process crashed
1/5  Query CPU Properties
1/5  Creates a page with write and execute permissions
1/5  Query OS Information
1/5  Reads system data
1/5  Creates process with hidden window
1/5  Content matched by YARA rules
1/5  Unusual large memory allocation
Classification: Spyware, Injector, Stealer
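
When the feed page is saved or scraped as text, each card comes out one field per line: filename, timestamp, verdict, file type, the "Close" widget label, the filename and verdict repeated, "SHA256:" and the hash, the "VMRay Threat Identifiers" title with another "Close" and the "Severity" / "Operation" table headers, then severity/operation pairs, then the classification tags (the catgirl.x86_64 card has none). The Python below is an added example, not VMRay code and not part of the feed, that turns that raw dump back into records a practitioner can act on: the SHA256 for hash lookups, the family named by the "X configuration was extracted" identifier, the highest severity seen, and the tags. The Sample class and its field names are this example's own; the embedded FEED string is a trimmed excerpt of two cards from this page in the raw export form.

```python
import re
from dataclasses import dataclass, field

# Raw export layout, one field per line: filename, timestamp, verdict, file type, "Close",
# filename and verdict again, "SHA256:", hash, title, "Close", "Severity", "Operation", pairs, tags
TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?$")
SEV_RE = re.compile(r"^[1-5]/5$")
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
FAMILY_RE = re.compile(r"^(\S+) configuration was extracted$")  # VMRay's family-naming VTI
NOISE = {"Close", "VMRay Threat Identifiers", "Severity", "Operation"}  # widget/header text

@dataclass
class Sample:  # field names are this example's own, not VMRay's schema
    name: str
    timestamp: str
    verdict: str
    file_type: str
    sha256: str = ""
    vtis: list = field(default_factory=list)  # (severity 1-5, operation) pairs
    tags: list = field(default_factory=list)  # classification tags, may be empty

    @property
    def family(self):  # None when no config-extraction VTI names the family
        hits = [m.group(1) for _, op in self.vtis if (m := FAMILY_RE.match(op))]
        return hits[0] if hits else None

    @property
    def max_severity(self):
        return max((sev for sev, _ in self.vtis), default=0)

def _starts_record(lines, i):
    # A card begins at a filename line immediately followed by a timestamp line
    return i + 1 < len(lines) and TS_RE.match(lines[i + 1]) is not None

def parse_feed(text):
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    samples, i = [], 0
    while i < len(lines):
        if not _starts_record(lines, i):
            i += 1  # page title or other stray text
            continue
        s = Sample(lines[i], lines[i + 1], lines[i + 2], lines[i + 3])
        i += 4
        while i < len(lines) and not _starts_record(lines, i):
            line = lines[i]
            if line in NOISE or line in (s.name, s.verdict):
                i += 1  # repeated header fields
            elif line == "SHA256:" and i + 1 < len(lines) and SHA256_RE.match(lines[i + 1].lower()):
                s.sha256 = lines[i + 1].lower()
                i += 2
            elif SEV_RE.match(line) and i + 1 < len(lines):
                s.vtis.append((int(line[0]), lines[i + 1]))
                i += 2
            else:
                s.tags.append(line)  # text after the VTI table is classification
                i += 1
        samples.append(s)
    return samples

def to_iocs(samples):
    # Index by SHA256 so hashes seen in EDR or proxy logs can be looked up directly
    return {s.sha256: {"name": s.name, "type": s.file_type, "family": s.family,
                       "max_severity": s.max_severity, "tags": s.tags}
            for s in samples if s.sha256}

# Trimmed excerpt of two cards from this page, in the raw export form described above
FEED = """\
ZFEg4Ra.exe
2026-02-07T19:52:58.907
malicious
Windows Exe (x86-32)
Close
ZFEg4Ra.exe
malicious
SHA256:
0ddd1f0d9a8a47a0e8a442dce6950ad1ae76633e4788110d0fc06ca1b754f6d3
VMRay Threat Identifiers
Close
Severity
Operation
5/5
AsyncRAT configuration was extracted
3/5
Performs DNS request for known DDNS domain
Backdoor
catgirl.x86_64
2026-02-07T19:41:44.061
malicious
Linux ELF Executable (x86-64)
Close
catgirl.x86_64
malicious
SHA256:
ebdd79ea6d99bacd88500f20a327885d1eb24a4e19b9d0289d6e9ef1db434490
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Reads ssh keys
"""
```

Running parse_feed over the full page text yields one Sample per card; to_iocs gives a hash-keyed dict suitable for a blocklist or for joining against file-hash telemetry. Records are delimited by the filename-then-timestamp pattern rather than by the "Close" labels, so the parser also copes with cards whose tag list is empty or whose widget text is missing from the export.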