Threat Feed
s5BATWk8YozjBwd4.exe
2026-07-05T16:37:08.913
malicious
Windows Exe (x86-64)
SHA256: 161bfb869368948bad752ca9be7f5871169430a33292dce778c2aa28a1c9967e
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
2/5  Signed executable failed signature validation
1/5  Resolves API functions dynamically
1/5  A monitored process crashed
1/5  Drops PE file
1/5  Loads a dropped DLL
1/5  Timestamp manipulation
1/5  Queries system time
1/5  Drops PE masquerading Filename
1/5  Content matched by YARA rules
Spyware
6o6Lief8rBZFZH9h.html
2026-07-05T16:02:51.593
malicious
HTML Document
SHA256: 504bdc560dd567088f133213a13356753ff0ef3884c877c297dea0f8b2b9332c
VMRay Threat Identifiers
Severity  Operation
5/5  Combination of other detections indicates a phishing website
2/5  Page uses exact same title as that of a popular online service
2/5  The HTML file contains logon form
2/5  Branded Logon form detected via Computer Vision
1/5  Branding image detected via Computer Vision
1/5  Page presents itself as a logon page
Phishing
milleniumbcp pdf.hta
2026-07-05T15:52:07.690
malicious
HTML Application
SHA256: 55c238f70456eb7a7dcdf4e0216a7c685cedf66e8ae01c0f0dd2916e29b58470
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
5/5  MassLogger configuration was extracted
4/5  Process Hollowing
4/5  Attempts to connect through HTTP
4/5  Writes into the memory of another process
4/5  Connects to SMTP server
4/5  Malicious content matched by YARA rules
4/5  Reads from memory of another process
3/5  Reads sensitive mail data
3/5  Suspicious content matched by YARA rules
3/5  Executes PowerShell commands from environment variables
3/5  Reads sensitive browser data
2/5  Suspicious content matched by YARA rules
2/5  Executes PowerShell without default profile
2/5  Searches for sensitive FTP data
2/5  Searches for sensitive mail data
2/5  Tries to detect debugger
2/5  Reads network adapter information
2/5  Enables process privileges
2/5  Checks external IP address
2/5  Searches for sensitive browser data
2/5  Performs DNS request
1/5  Connects to remote host
1/5  Accesses Microsoft Security Software registry keys
1/5  Queries system time
1/5  Reads system data
1/5  Enumerates running processes
1/5  Unusual large memory allocation
1/5  URL contains a TLD highly associated with phishing
1/5  Query OS Information
Spyware
Downloader
Injector
Dekont.hta
2026-07-05T15:51:07.410
malicious
HTML Application
SHA256: 992b32363a965ed54e695f373230e77d9fa553043f3afbd9d3ddb0c10135b916
VMRay Threat Identifiers
Severity  Operation
5/5  MassLogger configuration was extracted
5/5  Malicious content matched by YARA rules
4/5  Reads from memory of another process
4/5  Attempts to connect through HTTP
4/5  Writes into the memory of another process
4/5  Connects to SMTP server
4/5  Malicious content matched by YARA rules
4/5  Process Hollowing
3/5  Reads sensitive mail data
3/5  Suspicious content matched by YARA rules
3/5  Executes PowerShell commands from environment variables
3/5  Reads sensitive browser data
2/5  Executes PowerShell without default profile
2/5  Searches for sensitive mail data
2/5  Reads network adapter information
2/5  Enables process privileges
2/5  Suspicious content matched by YARA rules
2/5  Searches for sensitive browser data
2/5  Checks external IP address
2/5  Performs DNS request
1/5  Accesses Microsoft Security Software registry keys
1/5  Connects to remote host
1/5  Unusual large memory allocation
1/5  Queries system time
1/5  URL contains a TLD highly associated with phishing
1/5  Enumerates running processes
1/5  Query OS Information
Spyware
Downloader
Injector
r0L7FQgcPna11b64.sh
2026-07-05T15:47:10.525
malicious
Shell Script
SHA256: a99fc2710b0af6f1d0be97a3a380a3dec7ff08b7daa765f6f52944cbdcd3ef48
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
2/5  Schedules task with Cron
2/5  Downloads file
2/5  Enumerates running processes
1/5  Reads system data
1/5  Creates hidden file or folder
1/5  Connects to remote host
PUA
Miner