Threat Feed
MszL1o3NF6vmFXc9.html
2026-02-08T13:15:57.968
malicious
HTML Document
SHA256:
7c330e7ee9c3e354cf88b53ff08679f49708251d696f17678f5c6a7e3b7e6fc8
VMRay Threat Identifiers
Severity | Operation
5/5 | Combination of other detections indicates a phishing website
2/5 | Page uses exact same title as that of a popular online service
2/5 | The HTML file contains logon form
2/5 | Branded Logon form detected via Computer Vision
1/5 | Page presents itself as a logon page
Phishing
http://facebo0k-log1n.netlify.app
2026-02-08T13:13:42.773
malicious
URL
SHA256:
VMRay Threat Identifiers
Severity | Operation
5/5 | Combination of other detections indicates a phishing website
4/5 | Phishing page detected via Machine Learning
2/5 | Page is served from a service commonly used for temporary hosting
2/5 | Branded Logon form detected via Computer Vision
2/5 | Page uses exact same title as that of a popular online service
1/5 | Branding image detected via Computer Vision
1/5 | Page presents itself as a logon page
Phishing
Ti6gLXgcvC0RSjld.exe
2026-02-08T13:12:44.101
malicious
Windows Exe (x86-32)
SHA256:
077147beb06274c3274030703494210a1e8294b7bf7c8e75cab0c09a91e1a321
VMRay Threat Identifiers
Severity | Operation
5/5 | Combination of other detections shows multiple input capture behaviors
4/5 | Modifies Windows Defender configuration
4/5 | Writes into the memory of another process
3/5 | Captures clipboard data
2/5 | Makes direct system call to possibly evade hooking based monitoring
2/5 | Signed executable failed signature validation
2/5 | Delays execution
2/5 | Deletes file after execution
1/5 | Enables process privileges
1/5 | Query CPU Properties
1/5 | Performs DNS request
1/5 | Connects to remote host
1/5 | Tries to connect using an uncommon port
1/5 | Content matched by YARA rules
1/5 | Resolves API functions dynamically
1/5 | Drops PE file
1/5 | Loads a dropped DLL
1/5 | Executes dropped PE file
1/5 | Installs system service
1/5 | Creates process with hidden window
1/5 | Modifies operating system directory
1/5 | Query OS Information
1/5 | Accesses volumes directly
1/5 | Creates mutex
1/5 | Creates a page with write and execute permissions
1/5 | Unusual large memory allocation
1/5 | Writes an unusually large amount of data to the registry
1/5 | Enumerates running processes
Spyware
Injector
PayeeAdvice_HK02022_R0977491_02178_PDF.exe
2026-02-08T13:10:21.915
malicious
Windows Exe (x86-32)
SHA256:
6093b99ac39503f585b6a7ed7e20727c24a784a7a93c181596209054a561ad71
VMRay Threat Identifiers
Severity | Operation
5/5 | Tries to read cached credentials of various applications
5/5 | Lokibot configuration was extracted
5/5 | Malicious content matched by YARA rules
3/5 | Makes direct system calls to hide process injection
3/5 | All network connection attempts failed
2/5 | Searches for sensitive mail data
2/5 | Searches for sensitive browser data
2/5 | Reads sensitive mail data
2/5 | Reads sensitive browser data
2/5 | Delays execution
2/5 | Makes direct system call to possibly evade hooking based monitoring
2/5 | Modifies control flow of a process started from a created or modified executable
2/5 | Searches for sensitive application data
2/5 | Searches for sensitive FTP data
2/5 | Reads sensitive FTP data
2/5 | Reads sensitive application data
1/5 | Reads system data
1/5 | Creates process with hidden window
1/5 | Reads from memory of another process
1/5 | Enables process privileges
1/5 | Connects to remote host
1/5 | Possibly does reconnaissance
1/5 | Reloads native system libraries
1/5 | Creates mutex
1/5 | Creates a page with write and execute permissions
Spyware
Injector
Loader.exe
2026-02-08T13:07:52.897
malicious
Windows Exe (x86-64)
SHA256:
115739f735ebb69c067e41808d3313e538eec809eb0d7ea764765f6442f949ca
VMRay Threat Identifiers
Severity | Operation
5/5 | Combination of other detections shows multiple input capture behaviors
4/5 | Modifies control flow of another process
4/5 | Writes into the memory of another process
3/5 | Modifies native system functions
3/5 | Uses HTTP to upload a large amount of data
3/5 | Suspicious content matched by YARA rules
3/5 | Takes screenshot
3/5 | Tries to evade debugger
2/5 | Makes direct system call to possibly evade hooking based monitoring
2/5 | Tries to detect virtual machine
2/5 | Tries to detect application sandbox
2/5 | Tries to detect kernel debugger
2/5 | Deletes file after execution
1/5 | Overwrites code
1/5 | Enumerates running processes
1/5 | Query Firmware Information
1/5 | Creates a page with write and execute permissions
1/5 | Reads from memory of another process
1/5 | Creates process with hidden window
1/5 | Checks external IP address
1/5 | Resolves API functions dynamically
1/5 | Tries to detect debugger
Spyware
Injector