Threat Feed
UEOc0LtaVQKxWQR6.html
2026-04-23T11:02:44.294
malicious
HTML Document
SHA256: d1e5ad87911f167d866709f3fdf632c9303a4f84a98af633dd25caf40000999e
VMRay Threat Identifiers
Severity  Operation
5/5  Combination of other detections indicates a phishing website
2/5  The HTML file contains logon form
2/5  Branded Logon form detected via Computer Vision
2/5  Page uses exact same title as that of a popular online service
1/5  Branding image detected via Computer Vision
1/5  Page presents itself as a logon page
Phishing
Teeth_Correction_CT_Request(X-ray, test results, notes).bat
2026-04-23T10:38:32.997
malicious
Windows Batch File
SHA256: 32a0d6a414a84993fbc46574a36a4136f6e7f8573d848552eece545cd39239b1
VMRay Threat Identifiers
Severity  Operation
5/5  Creates an unusually large number of files
4/5  Creates elevated child process
4/5  Attempts to connect through HTTP
2/5  Executes PowerShell with hidden window
2/5  Performs DNS request
2/5  Installs system startup script or application
1/5  Connects to remote host
1/5  Accesses volumes directly
1/5  Query OS Information
T. HALK BANKASI A.S,pdf.exe
2026-04-23T10:30:26.027
malicious
Windows Exe (x86-32)
SHA256: 4cbc79702cdc46953a14237c27ab6a81c8e46895acff1119a93a9912b4281065
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
5/5  Combination of other detections shows multiple input capture behaviors
5/5  DarkCloud configuration was extracted
4/5  Process Hollowing
3/5  Takes screenshot
3/5  Suspicious content matched by YARA rules
3/5  Captures clipboard data
2/5  Modifies control flow of a process started from a created or modified executable
2/5  Searches for sensitive FTP data
2/5  Reads sensitive mail data
2/5  Searches for sensitive application data
2/5  Queries OS info via WMI
2/5  Collects hardware properties
2/5  Suspicious content matched by YARA rules
2/5  Searches for sensitive mail data
2/5  Delays execution
1/5  Monitors keyboard input
1/5  Enables process privileges
1/5  Creates process with hidden window
1/5  Content matched by YARA rules
1/5  Reads from memory of another process
1/5  Resolves API functions dynamically
1/5  Installs system startup script or application
1/5  Creates mutex
1/5  Enumerates running processes
1/5  Creates a page with write and execute permissions
1/5  Possibly does reconnaissance
Spyware
Injector
d8c86e1fe39c1e27944205fb72692c9fb0527aa1f24fcb0dfd1cb664eac0ea62
2026-04-23T10:27:51.405
malicious
Linux ELF Executable (x86-64)
SHA256: d8c86e1fe39c1e27944205fb72692c9fb0527aa1f24fcb0dfd1cb664eac0ea62
VMRay Threat Identifiers
Severity  Operation
5/5  Reads ssh keys
3/5  All network connection attempts failed
2/5  Checks for existence of ssh keys
2/5  Tries to detect virtual machine
1/5  Masquerades file extension
1/5  Clones process
z1BankRequestform2026.exe
2026-04-23T10:25:32.027
malicious
Windows Exe (x86-32)
SHA256: b5cc8276cff50bd4462303b5b0d2d4885cc1a6ba4a812fe7c4443afde8a76f3e
VMRay Threat Identifiers
Severity  Operation
5/5  XWorm configuration was extracted
5/5  Malicious content matched by YARA rules
5/5  Combination of other detections shows multiple input capture behaviors
4/5  Modifies Windows Defender configuration
4/5  Process Hollowing
3/5  Monitors keyboard input
3/5  Suspicious content matched by YARA rules
3/5  Tries to detect the presence of antivirus software
3/5  Bypasses PowerShell execution policy
2/5  Modifies control flow of a process started from a created or modified executable
2/5  Collects hardware properties
2/5  Tries to detect debugger
2/5  Queries OS info via WMI
1/5  Obfuscates control flow
1/5  Resolves API functions dynamically
1/5  Drops PE file
1/5  Connects to remote host
1/5  Creates a page with write and execute permissions
1/5  Writes an unusually large amount of data to the registry
1/5  Creates process with hidden window
1/5  Creates mutex
1/5  Enables process privileges
1/5  Installs system startup script or application
1/5  Enumerates running processes
1/5  Query OS Information
1/5  Performs DNS request
1/5  Reads from memory of another process
1/5  Tries to connect using an uncommon port
1/5  Content matched by YARA rules
Spyware
Injector