Threat Feed
https://cms.transfer.com.br/vendor/documentRFQ20231010NSE029.html
2026-03-19T18:40:41.470
malicious
URL
SHA256:
VMRay Threat Identifiers
Severity  Operation
5/5  TelegramPhishkit configuration was extracted
5/5  Combination of other detections indicates a phishing website
4/5  Phishing page detected via Machine Learning
4/5  Malicious content matched by YARA rules
3/5  Page contains a Microsoft logon form
2/5  Contains a mark of the web from a known service
2/5  Branded Logon form detected via Computer Vision
1/5  Branding image detected via Computer Vision
1/5  Checks external IP address
1/5  URL contains a TLD highly associated with phishing
1/5  Page uses exact branding image of a popular online service
1/5  Loads image resources from another website
1/5  Content matched by YARA rules
1/5  Page presents itself as a logon page
1/5  Page secured via a Domain Validated SSL certificate
Phishing
778edaa7f5963ebf72d9e25320934ce9b37f5e798d5e1db89a0bb97af1e1245d.exe
2026-03-19T18:40:02.820
malicious
Windows Exe (x86-32)
SHA256: 778edaa7f5963ebf72d9e25320934ce9b37f5e798d5e1db89a0bb97af1e1245d
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
2/5  Suspicious content matched by YARA rules
1/5  Creates a page with write and execute permissions
1/5  Unusual large memory allocation
1/5  Resolves API functions dynamically
Spyware
TwRqJ4rRMRFrbaS3.exe
2026-03-19T18:37:51.585
malicious
Windows Exe (x86-64)
SHA256: a4f2a906810f38e6bf0b6dd56af4fbba428939f68bc13c5ecf70a909ac903ab0
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
3/5  Suspicious content matched by YARA rules
2/5  Creates an unusually large number of processes
1/5  Drops PE file
1/5  Creates mutex
1/5  Executes dropped PE file
1/5  Modifies operating system directory
1/5  Creates process with hidden window
PUA
Hacktool
Miner
8ec806P8XaSdtS5p.exe
2026-03-19T18:36:35.075
malicious
Windows Exe (x86-32)
SHA256: 028965fb2ed15cdf5243e844450be4cbdf42ae2709e23eeb85297bcb67469e8c
VMRay Threat Identifiers
Severity  Operation
5/5  Deletes user files
5/5  Malicious content matched by YARA rules
4/5  Process Hollowing
3/5  System Binary Proxy Execution
2/5  Hides files
2/5  Modifies control flow of a process started from a created or modified executable
1/5  Installs system startup script or application
1/5  Creates process with hidden window
1/5  Executes WMI query
1/5  Resolves API functions dynamically
1/5  Creates an unusually large number of files
1/5  Drops PE file
1/5  Executes dropped PE file
1/5  Enumerates running processes
1/5  Changes folder appearance
1/5  Reads from memory of another process
1/5  Creates a page with write and execute permissions
1/5  Possibly does reconnaissance
1/5  Modifies operating system directory
Ransomware
Wiper
Injector
Payment Copy US$.24,48015.js
2026-03-19T18:35:01.107
malicious
JScript
SHA256: d51ea87c715039f7c8902c8698520ff59afc13a4c7ff5ccfa15085d0f1bcdd24
VMRay Threat Identifiers
Severity  Operation
5/5  Combination of other detections shows multiple input capture behaviors
5/5  Combination of other detections shows configuration discovery
5/5  RedLine configuration was extracted
5/5  Malicious content matched by YARA rules
4/5  Reads from memory of another process
4/5  Tries to detect the presence of antivirus software
4/5  Tries to detect the presence of anti-spyware software
4/5  Tries to detect the presence of firewall software
4/5  Process Hollowing
4/5  Writes into the memory of another process
3/5  Takes screenshot
3/5  Bypasses PowerShell execution policy
3/5  Reads installed applications
2/5  Possibly does reconnaissance
2/5  Searches for sensitive FTP data
2/5  Collects hardware properties
2/5  Enables process privileges
2/5  Enumerates running processes
2/5  Executes PowerShell without default profile
2/5  Searches for sensitive browser data
2/5  Searches for cryptocurrency wallet locations
2/5  Queries OS info via WMI
2/5  Tries to connect using an uncommon port
2/5  Searches for sensitive mail data
2/5  Searches for sensitive application data
1/5  Connects to remote host
1/5  Enumerates running processes
1/5  Content matched by YARA rules
1/5  Query OS Information
Spyware
Injector