Threat Feed
Z9DZAd0rPKDt7uKy.exe
2026-07-03T16:33:54.257
malicious
Windows Exe (x86-32)
SHA256: a29d854f728e69ff6fd7aa369c8c882d997c5f36bc42b6f6bc81a93601aa5169
VMRay Threat Identifiers
Severity  Operation
5/5  Known malicious mutex name is created
5/5  Malicious content matched by YARA rules
5/5  SalatStealer configuration was extracted
2/5  Suspicious content matched by YARA rules
2/5  Delays execution
2/5  Reads network adapter information
2/5  Sets up server that accepts incoming connections
1/5  Performs DNS request
1/5  Content matched by YARA rules
1/5  Reads system data
1/5  Resolves API functions dynamically
1/5  Unusual large memory allocation
Spyware
1Pc5xj2L4JeNMfWe.exe
2026-07-03T16:32:31.653
malicious
Windows Exe (x86-32)
SHA256: ea41779c9a158b4663cee535fd8719ffaffc7d2b166fb8dfb989ce93598fe1ed
VMRay Threat Identifiers
Severity  Operation
5/5  Known malicious mutex name is created
5/5  Malicious content matched by YARA rules
5/5  SalatStealer configuration was extracted
2/5  Reads network adapter information
2/5  Collects hardware properties
2/5  Queries OS info via WMI
2/5  Suspicious content matched by YARA rules
2/5  Sets up server that accepts incoming connections
1/5  Enumerates running processes
1/5  Queries system time
1/5  Performs DNS request
1/5  Connects to remote host
1/5  Reads system data
1/5  Content matched by YARA rules
1/5  Resolves API functions dynamically
1/5  Unusual large memory allocation
Spyware
PAYPAL - CONSULTA.JS
2026-07-03T16:28:08.755
malicious
JScript
SHA256: 66fc54126103d6d7682a96aaec36cf3ee1648ab9b4284461aded2ea6280a0191
VMRay Threat Identifiers
Severity  Operation
5/5  Agent Tesla configuration was extracted
5/5  Malicious content matched by YARA rules
5/5  Combination of other detections shows configuration discovery
4/5  Tries to detect application sandbox
3/5  Reads sensitive browser data
3/5  Reads sensitive mail data
3/5  Classifies external IP address
2/5  Performs DNS request
2/5  Searches for sensitive mail data
2/5  Reads network adapter information
2/5  Searches for sensitive browser data
2/5  Enables process privileges
2/5  Collects hardware properties
2/5  Suspicious content matched by YARA rules
2/5  Queries OS info via WMI
2/5  Possibly does reconnaissance
2/5  Executes dropped PE file
1/5  Connects to remote host
1/5  Unusual large memory allocation
1/5  Queries system time
1/5  Query OS Information
1/5  Enumerates running processes
Spyware
Downloader
LlTNB5gwwEfIopUF.html
2026-07-03T16:26:04.002
malicious
HTML Document
SHA256: 3843ca7408fea50ddca683356b076631a37041faad6966185a4aeda3764ddfd6
VMRay Threat Identifiers
Severity  Operation
5/5  Combination of other detections indicates a phishing website
2/5  Page uses exact same title as that of a popular online service
2/5  The HTML file contains logon form
2/5  Branded Logon form detected via Computer Vision
1/5  Branding image detected via Computer Vision
1/5  Page presents itself as a logon page
Phishing
file.exe
2026-07-03T16:24:40.891
malicious
Windows Exe (x86-64)
SHA256: fd2d5ada1da9e1088e3ad645543dcdf407a1996be32041c4fd64e15591962577
VMRay Threat Identifiers
Severity  Operation
5/5  Combination of other detections shows multiple input capture behaviors
5/5  Tries to read cached credentials of various applications
5/5  Malicious content matched by YARA rules
3/5  Takes screenshot
3/5  Reads installed applications
3/5  Suspicious content matched by YARA rules
3/5  Uses HTTP to upload a large amount of data
3/5  Modifies native system functions
2/5  Searches for sensitive FTP data
2/5  Deletes file after execution
2/5  Searches for sensitive browser data
2/5  Searches for sensitive mail data
2/5  Searches for sensitive application data
2/5  Searches for cryptocurrency wallet locations
2/5  Searches for sensitive VPN configuration data
2/5  Suspicious content matched by YARA rules
2/5  Modifies control flow of a process started from a created or modified executable
1/5  Performs DNS request
1/5  Query CPU Properties
1/5  Content matched by YARA rules
1/5  Queries system time
1/5  Reads from memory of another process
1/5  Creates a page with write and execute permissions
1/5  Resolves API functions dynamically
1/5  Tries to detect debugger
1/5  Enumerates running processes
1/5  Drops PE file
1/5  Executes dropped PE file
1/5  Creates process with hidden window
1/5  Possibly does reconnaissance
Spyware
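The feed above is a list of verdicts, SHA-256 hashes and scored threat identifiers; what a practitioner does with it next is validate the hashes, rank the samples for triage, and turn the hashes into a detection artifact. The script below is an added example, not VMRay's code or output. Its records are transcribed from the five entries on this page, carrying over only the VTIs scored 3/5 or higher (so the severity totals are for that subset); the field names, the triage score (number of 5/5 hits, then the sum of severities), the family-name extraction from the "<family> configuration was extracted" VTI text, and the rule name vmray_threat_feed_2026_07_03 are this example's own assumptions. The generated rule uses YARA's hash module, which must be available in the YARA build that loads it.

```python
# Added example, not VMRay's code or output. Records are transcribed from the
# feed above, keeping only VTIs scored 3/5 or higher; the field names, the
# triage score and the YARA rule name are this example's own choices.
from __future__ import annotations
import re
from dataclasses import dataclass, field

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
SEVERITY_RE = re.compile(r"^([0-5])/5$")   # VMRay shows VTI severity as n/5
CONFIG_VTI_RE = re.compile(r"^(?P<family>.+?) configuration was extracted$")

def parse_severity(text: str) -> int:
    """'5/5' -> 5; anything not on the 0..5 scale is rejected."""
    m = SEVERITY_RE.match(text.strip())
    if not m:
        raise ValueError(f"unexpected severity {text!r}")
    return int(m.group(1))

@dataclass
class FeedEntry:
    name: str
    submitted: str                   # timestamp as shown in the feed
    verdict: str
    file_type: str
    sha256: str
    vtis: list[tuple[str, str]]      # (severity text such as "5/5", operation)
    tags: list[str] = field(default_factory=list)

    def family(self) -> str | None:
        """Family named by a '<family> configuration was extracted' VTI, if any."""
        for _, op in self.vtis:
            m = CONFIG_VTI_RE.match(op)
            if m:
                return m.group("family")
        return None

    def score(self) -> tuple[int, int]:
        """Triage key: number of 5/5 hits first, then the sum of all severities."""
        sev = [parse_severity(s) for s, _ in self.vtis]
        return (sev.count(5), sum(sev))

SALAT_VTIS = [("5/5", "Known malicious mutex name is created"),
              ("5/5", "Malicious content matched by YARA rules"),
              ("5/5", "SalatStealer configuration was extracted")]
FEED = [
    FeedEntry("Z9DZAd0rPKDt7uKy.exe", "2026-07-03T16:33:54.257", "malicious",
              "Windows Exe (x86-32)",
              "a29d854f728e69ff6fd7aa369c8c882d997c5f36bc42b6f6bc81a93601aa5169",
              SALAT_VTIS, ["Spyware"]),
    FeedEntry("1Pc5xj2L4JeNMfWe.exe", "2026-07-03T16:32:31.653", "malicious",
              "Windows Exe (x86-32)",
              "ea41779c9a158b4663cee535fd8719ffaffc7d2b166fb8dfb989ce93598fe1ed",
              SALAT_VTIS, ["Spyware"]),
    FeedEntry("PAYPAL - CONSULTA.JS", "2026-07-03T16:28:08.755", "malicious", "JScript",
              "66fc54126103d6d7682a96aaec36cf3ee1648ab9b4284461aded2ea6280a0191",
              [("5/5", "Agent Tesla configuration was extracted"),
               ("5/5", "Malicious content matched by YARA rules"),
               ("5/5", "Combination of other detections shows configuration discovery"),
               ("4/5", "Tries to detect application sandbox"),
               ("3/5", "Reads sensitive browser data"), ("3/5", "Reads sensitive mail data"),
               ("3/5", "Classifies external IP address")], ["Spyware", "Downloader"]),
    FeedEntry("LlTNB5gwwEfIopUF.html", "2026-07-03T16:26:04.002", "malicious",
              "HTML Document",
              "3843ca7408fea50ddca683356b076631a37041faad6966185a4aeda3764ddfd6",
              [("5/5", "Combination of other detections indicates a phishing website")],
              ["Phishing"]),
    FeedEntry("file.exe", "2026-07-03T16:24:40.891", "malicious", "Windows Exe (x86-64)",
              "fd2d5ada1da9e1088e3ad645543dcdf407a1996be32041c4fd64e15591962577",
              [("5/5", "Combination of other detections shows multiple input capture behaviors"),
               ("5/5", "Tries to read cached credentials of various applications"),
               ("5/5", "Malicious content matched by YARA rules"),
               ("3/5", "Takes screenshot"), ("3/5", "Reads installed applications"),
               ("3/5", "Suspicious content matched by YARA rules"),
               ("3/5", "Uses HTTP to upload a large amount of data"),
               ("3/5", "Modifies native system functions")], ["Spyware"]),
]

def validate(entries: list[FeedEntry]) -> list[str]:
    """Problems that would make the feed unsafe to load as IOCs; empty means OK."""
    problems, seen = [], set()
    for e in entries:
        if not SHA256_RE.match(e.sha256):
            problems.append(f"{e.name}: malformed SHA-256 {e.sha256!r}")
        if e.sha256 in seen:
            problems.append(f"{e.name}: duplicate SHA-256")
        seen.add(e.sha256)
        for sev, _ in e.vtis:
            parse_severity(sev)      # raises on a severity outside the n/5 scale
    return problems

def rank_entries(entries: list[FeedEntry]) -> list[FeedEntry]:
    """Highest-priority sample first; ties keep feed order (sorted is stable)."""
    return sorted(entries, key=FeedEntry.score, reverse=True)

def yara_hash_rule(entries: list[FeedEntry], rule_name: str = "vmray_threat_feed_2026_07_03") -> str:
    """YARA rule that matches any listed sample by SHA-256 via YARA's hash module."""
    conds = " or\n        ".join(f'hash.sha256(0, filesize) == "{e.sha256}"' for e in entries)
    return "\n".join(['import "hash"', "", f"rule {rule_name}", "{", "    meta:",
                      '        source = "VMRay Threat Feed, 2026-07-03"',
                      "    condition:", "        " + conds, "}"])
```

With the subset transcribed here, rank_entries(FEED) puts file.exe first (three 5/5 hits plus five 3/5 hits), then PAYPAL - CONSULTA.JS, the two SalatStealer samples, and the phishing page last; a hash-only rule like the one yara_hash_rule emits catches exact copies of these samples and nothing else, so it complements rather than replaces the behavioural YARA matches the feed reports.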