Threat Feed
eOtqttWshyydP9UJ.exe
2026-07-08T16:04:29.782
malicious
Windows Exe (x86-64)
Close
eOtqttWshyydP9UJ.exe
malicious
SHA256:
4cb44ab27c0e45acfbcf18a6561a7fde0a20035192dc29dca590ed3dc61b8ce2
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Malicious content matched by YARA rules
3/5
Reads installed applications
3/5
Tries to evade debugger
2/5
Searches for sensitive browser data
2/5
Searches for cryptocurrency wallet locations
2/5
Searches for sensitive mail data
1/5
Query OS Information
1/5
URL contains a TLD highly associated with phishing
1/5
Unusual large memory allocation
1/5
Resolves API functions dynamically
1/5
Queries system time
1/5
Tries to detect debugger
1/5
Creates mutex
1/5
Query CPU Properties
1/5
Enumerates running processes
Spyware
gNou6IhBKAWyIMai.exe
2026-07-08T16:01:27.704
malicious
Windows Exe (x86-64)
Close
gNou6IhBKAWyIMai.exe
malicious
SHA256:
c4ce7dd05a3865b7d16a33adc9fa57d15a221abb83cb57fad43e947bc0a17eb1
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Combination of other detections shows multiple input capture behaviors
5/5
Tries to read cached credentials of various applications
3/5
Suspicious content matched by YARA rules
3/5
Uses HTTP to upload a large amount of data
3/5
Takes screenshot
3/5
Modifies native system functions
3/5
Reads installed applications
2/5
Searches for sensitive VPN configuration data
2/5
Searches for sensitive browser data
2/5
Searches for sensitive mail data
2/5
Deletes file after execution
2/5
Searches for sensitive application data
2/5
Searches for cryptocurrency wallet locations
2/5
Searches for sensitive FTP data
2/5
Suspicious content matched by YARA rules
2/5
Modifies control flow of a process started from a created or modified executable
1/5
Query CPU Properties
1/5
Performs DNS request
1/5
Creates a page with write and execute permissions
1/5
Content matched by YARA rules
1/5
Queries system time
1/5
Enumerates running processes
1/5
Resolves API functions dynamically
1/5
Reads from memory of another process
1/5
Possibly does reconnaissance
1/5
Tries to detect debugger
1/5
Drops PE file
1/5
Creates process with hidden window
1/5
Executes dropped PE file
Spyware
439ef0ce4ffb3d016531ad8b9fb2ff499595350efe727f587502ebbc73701af8.exe
2026-07-08T15:59:22.223
malicious
Windows Exe (x86-32)
Close
439ef0ce4ffb3d016531ad8b9fb2ff499595350efe727f587502ebbc73701af8.exe
malicious
SHA256:
439ef0ce4ffb3d016531ad8b9fb2ff499595350efe727f587502ebbc73701af8
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Malicious content matched by YARA rules
5/5
SalatStealer configuration was extracted
3/5
Takes screenshot
2/5
Queries OS info via WMI
2/5
Suspicious content matched by YARA rules
2/5
Deletes file after execution
2/5
Collects hardware properties
2/5
Reads network adapter information
2/5
Sets up server that accepts incoming connections
2/5
Schedules task
1/5
Timestamp manipulation
1/5
Unusual large memory allocation
1/5
Reads system data
1/5
Creates mutex
1/5
Resolves API functions dynamically
1/5
Queries system time
1/5
Creates process with hidden window
1/5
Accesses Microsoft Security Software registry keys
1/5
Performs DNS request
1/5
Content matched by YARA rules
1/5
Enumerates running processes
1/5
A monitored process crashed
1/5
Drops PE file
1/5
Executes dropped PE file
Spyware
http://49.51.43.12/v3/signin/identifier?amp%3Bfollowup=https%3A%2F%2Faccounts.google.com%2F&%3Bifkv=AQMjQ7QyROPzn0qaqnYvX4_aw7qH8RajahyDV4UI8mo2Mw7SaNi-z6QQG4MH4pDlzJ2gDPTt_nm2&%3Bpassive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AcDsRvwZqQFQkujmx2xisHMt_DQvxjTD7cl_b8laIFs8bfliVMy384EsxtxsiiZUDTHzEfv7qafk&dsh=S1461305277%3A1783520066013405
2026-07-08T15:57:06.172
malicious
URL
Close
http://49.51.43.12/v3/signin/identifier?amp%3Bfollowup=https%3A%2F%2Faccounts.google.com%2F&%3Bifkv=AQMjQ7QyROPzn0qaqnYvX4_aw7qH8RajahyDV4UI8mo2Mw7SaNi-z6QQG4MH4pDlzJ2gDPTt_nm2&%3Bpassive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AcDsRvwZqQFQkujmx2xisHMt_DQvxjTD7cl_b8laIFs8bfliVMy384EsxtxsiiZUDTHzEfv7qafk&dsh=S1461305277%3A1783520066013405
malicious
SHA256:
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Combination of other detections indicates a phishing website
4/5
Phishing page detected via Machine Learning
2/5
Branded Logon form detected via Computer Vision
2/5
Page uses exact same title as that of a popular online service
1/5
Content matched by YARA rules
1/5
Page presents itself as a logon page
1/5
HTTPS page insecurely loads resources via HTTP
1/5
Branding image detected via Computer Vision
Phishing
PO_6712_Dokumen_Pendukung.vbe
2026-07-08T15:47:35.264
malicious
VBScript
Close
PO_6712_Dokumen_Pendukung.vbe
malicious
SHA256:
8c4fa21ef2c73c803a9144a7ad0814e404625ba8f3e18d4ee0c29377da15da14
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Malicious content matched by YARA rules
5/5
Remcos configuration was extracted
5/5
GuLoader configuration was extracted
4/5
Makes unaligned API calls to possibly evade hooking based sandboxes
4/5
Tries to evade debugger
4/5
Makes indirect system call to possibly evade hooking based monitoring
4/5
Reads from memory of another process
3/5
Reads installed applications
3/5
Reads sensitive mail data
3/5
Modifies native system functions
2/5
Searches for sensitive application data
2/5
Performs DNS request
2/5
Searches for sensitive mail data
2/5
Searches for sensitive browser data
2/5
Enumerates running processes
2/5
Possibly does reconnaissance
1/5
Content matched by YARA rules
1/5
Unusual large memory allocation
1/5
Accesses Microsoft Security Software registry keys
Backdoor
Downloader