Threat Feed
xBJbnD1X9JYVhJJ5.xls
2026-05-05T10:56:50.088
malicious
Excel Document
SHA256:
7cea52259ce19a096b1ed70c688d3f8df63fe9e8dfe542022baba4a0cc489165
VMRay Threat Identifiers
Severity | Operation
5/5 | Malicious content matched by YARA rules
4/5 | Downloads file
4/5 | Tries to connect using an uncommon port
3/5 | Suspicious content matched by YARA rules
2/5 | Encoded IP address
1/5 | Content matched by YARA rules
1/5 | Contains known suspicious class identifier
Downloader
dynamicvision.exe
2026-05-05T10:54:59.044
malicious
Windows Exe (x86-32)
SHA256:
2156c504f8b4ddc6d2760a0c989c31c93d53b85252d14095cebcadcbe3772a0c
VMRay Threat Identifiers
Severity | Operation
5/5 | Malicious content matched by YARA rules
5/5 | NanoCore configuration was extracted
4/5 | Obscures a file's origin
3/5 | Monitors user input
2/5 | Sets up server that accepts incoming connections
1/5 | Query OS Information
1/5 | Modifies application directory
1/5 | Installs system startup script or application
1/5 | Creates mutex
1/5 | Enables process privileges
1/5 | Enumerates running processes
1/5 | Reads system data
1/5 | Performs DNS request
1/5 | Connects to remote host
Backdoor
PO 283974863 -R0-S - 0908273.exe
2026-05-05T10:54:25.830
malicious
Windows Exe (x86-32)
SHA256:
790945e17a51691483455a11af2efcbe15f2b473b65b151f50287623d1468516
VMRay Threat Identifiers
Severity | Operation
5/5 | Combination of other detections shows multiple input capture behaviors
5/5 | Tries to read cached credentials of various applications
5/5 | Malicious content matched by YARA rules
5/5 | PhantomStealer configuration was extracted
4/5 | Process Hollowing
4/5 | Monitors clipboard content
4/5 | Injected process sets up server that accepts incoming connections
4/5 | Modifies Windows Defender configuration
4/5 | Malicious content matched by YARA rules
3/5 | Bypasses PowerShell execution policy
3/5 | Monitors keyboard input
3/5 | Takes screenshot
3/5 | Tries to detect the presence of antivirus software
3/5 | Suspicious content matched by YARA rules
2/5 | Searches for sensitive browser data
2/5 | Searches for sensitive mail data
2/5 | Reads sensitive mail data
2/5 | Collects hardware properties
2/5 | Queries OS info via WMI
2/5 | Suspicious content matched by YARA rules
2/5 | Modifies control flow of a process started from a created or modified executable
2/5 | Executes PowerShell without default profile
2/5 | Executes PowerShell with hidden window
1/5 | Content matched by YARA rules
1/5 | Enumerates running processes
1/5 | Creates mutex
1/5 | Creates a page with write and execute permissions
1/5 | Reads from memory of another process
1/5 | Resolves API functions dynamically
1/5 | Installs system startup script or application
1/5 | Enables process privileges
1/5 | Accesses Microsoft Security Software registry keys
1/5 | Creates process with hidden window
1/5 | Query OS Information
1/5 | Possibly does reconnaissance
1/5 | Performs DNS request
1/5 | Connects to remote host
1/5 | Tries to connect using an uncommon port
1/5 | Checks external IP address
Spyware
Backdoor
Keylogger
Injector
0tSNkd1xIR4vF1K.exe
2026-05-05T10:47:27.222
malicious
Windows Exe (x86-32)
SHA256:
b037ec84d28e701f78fb02c5e36064b921adddefca5e24587fb918c0fa9e294f
VMRay Threat Identifiers
Severity | Operation
5/5 | Malicious content matched by YARA rules
5/5 | VIPKeylogger configuration was extracted
5/5 | Tries to read cached credentials of various applications
4/5 | Process Hollowing
4/5 | Writes into the memory of another process
4/5 | Modifies control flow of another process
4/5 | Malicious content matched by YARA rules
3/5 | Sends data via a Telegram bot
2/5 | Reads sensitive browser data
2/5 | Searches for sensitive mail data
2/5 | Searches for sensitive browser data
2/5 | Searches for sensitive application data
2/5 | Suspicious content matched by YARA rules
1/5 | Checks external IP address
1/5 | Content matched by YARA rules
1/5 | Creates process with hidden window
1/5 | Performs DNS request
1/5 | Possibly does reconnaissance
1/5 | Reads from memory of another process
1/5 | Query OS Information
1/5 | Enumerates running processes
1/5 | Enables process privileges
1/5 | Creates a page with write and execute permissions
1/5 | Connects to remote host
Spyware
Injector
sarma pim ve Plastik kapaklar _fiyat ve stok bilgisi _27803 _3426 Siparis Jpeg.js
2026-05-05T10:44:10.761
malicious
JScript
SHA256:
b9b9f95b43183e398c41c00e8d96c35ba249c2958503e0df982892c2e95bf5de
VMRay Threat Identifiers
Severity | Operation
5/5 | Malicious content matched by YARA rules
4/5 | Tries to detect kernel debugger
4/5 | Writes into the memory of another process
4/5 | Makes indirect system call to possibly evade hooking based monitoring
4/5 | Modifies control flow of another process
4/5 | Process Hollowing
4/5 | Reads from memory of another process
3/5 | Reads sensitive browser data
3/5 | Delays execution
3/5 | Bypasses PowerShell execution policy
3/5 | Captures clipboard data
2/5 | Downloads file
2/5 | Performs DNS request
2/5 | Loads a dropped DLL
2/5 | Executes PowerShell without default profile
2/5 | Executes PowerShell with hidden window
2/5 | Searches for sensitive browser data
2/5 | Enumerates running processes
2/5 | Possibly does reconnaissance
1/5 | Connects to remote host
1/5 | Enumerates running processes
1/5 | Creates mutex
1/5 | URL contains a TLD highly associated with phishing
1/5 | Accesses Microsoft Security Software registry keys
1/5 | Query OS Information
1/5 | Content matched by YARA rules
Spyware
Injector