Threat Feed
ammsMtAQGZ1ubbTe.exe
2026-05-20T22:37:43.583
malicious
Windows Exe (x86-32)
SHA256: b714d813bab56a10f086d5c03d00b2015a5cb4bc7074ee69a3c814db2d297086
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Tries to read cached credentials of various applications
5/5       Combination of other detections shows configuration discovery
5/5       Agent Tesla configuration was extracted
4/5       Process Hollowing
4/5       Writes into the memory of another process
4/5       Modifies control flow of another process
4/5       Injected process sets up server that accepts incoming connections
2/5       Reads network adapter information
2/5       Searches for sensitive browser data
2/5       Queries OS info via WMI
2/5       Searches for sensitive FTP data
2/5       Tries to detect analyzer sandbox
2/5       Searches for sensitive application data
2/5       Reads sensitive browser data
2/5       Collects hardware properties
2/5       Reads sensitive mail data
2/5       Searches for sensitive mail data
1/5       Downloads file
1/5       Query OS Information
1/5       Enables process privileges
1/5       Enumerates running processes
1/5       Possibly does reconnaissance
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Creates a page with write and execute permissions
1/5       Tries to connect using an uncommon port
1/5       Resolves API functions dynamically
1/5       Modifies application directory
1/5       Creates process with hidden window
Spyware
Backdoor
Injector
3v2XNP6RQZ4bbgEe.doc
2026-05-20T22:36:59.985
malicious
Word Document
SHA256: e009b48c53490e15fe7fffdab1dd7ecee37c55fb6fe47415e34743a695c53306
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Captures clipboard data
4/5       Makes indirect system call to possibly evade hooking based monitoring
4/5       Document tries to create process
4/5       Tries to detect kernel debugger
4/5       Modifies control flow of another process
4/5       Connects to remote host
4/5       Downloads file
4/5       Attempts to connect through HTTP
4/5       Writes into the memory of another process
4/5       Exploits a vulnerability in MS Office
4/5       Reads from memory of another process
4/5       Performs DNS request
3/5       Installs system startup script or application
3/5       Delays execution
3/5       Enumerates running processes
2/5       Drops PE file
1/5       Timestamp manipulation
1/5       Creates mutex
1/5       Contains suspicious meta data
1/5       Content matched by YARA rules
1/5       A monitored process crashed
1/5       Tries to detect debugger
Spyware
Downloader
Exploit
Injector
31DIP2UEgLI1aqj8.exe
2026-05-20T22:36:37.793
malicious
Windows Exe (x86-32)
SHA256: 45f8b6714740f76a3e5d78fd30265cab88a499340c54c6700864baa20fd4b5a2
VMRay Threat Identifiers
Severity  Operation
5/5       Tries to read cached credentials of various applications
5/5       Malicious content matched by YARA rules
5/5       VIPKeylogger configuration was extracted
4/5       Malicious content matched by YARA rules
4/5       Writes into the memory of another process
4/5       Modifies control flow of another process
4/5       Process Hollowing
3/5       Makes direct system calls to hide process injection
3/5       Sends data via a Telegram bot
2/5       Searches for sensitive application data
2/5       Delays execution
2/5       Makes direct system call to possibly evade hooking based monitoring
2/5       Reads sensitive mail data
2/5       Reads network adapter information
2/5       Searches for sensitive browser data
2/5       Searches for sensitive mail data
2/5       Suspicious content matched by YARA rules
1/5       Reloads native system libraries
1/5       Creates a page with write and execute permissions
1/5       Enables process privileges
1/5       Enumerates running processes
1/5       Query OS Information
1/5       Creates process with hidden window
1/5       Possibly does reconnaissance
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Checks external IP address
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Reads from memory of another process
1/5       Tries to detect debugger
Spyware
Injector
dI9fU7jKGps63DrH.exe
2026-05-20T22:36:13.014
malicious
Windows Exe (x86-32)
SHA256: 055675d264560c06c4fd434bfb942a23c8a8e73cd4ecba7b8370ef1b45b0c361
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
4/5       Modifies control flow of another process
4/5       Makes indirect system call to possibly evade hooking based monitoring
4/5       Process Hollowing
4/5       Writes into the memory of another process
3/5       Makes direct system calls to hide process injection
3/5       Captures clipboard data
3/5       All network connection attempts failed
2/5       Suspicious content matched by YARA rules
2/5       Delays execution
2/5       Makes direct system call to possibly evade hooking based monitoring
2/5       Tries to detect kernel debugger
1/5       Reads from memory of another process
1/5       Creates a page with write and execute permissions
1/5       Enumerates running processes
1/5       Creates mutex
1/5       Creates process with hidden window
1/5       Tries to detect debugger
1/5       Query OS Information
1/5       Performs DNS request
1/5       Reloads native system libraries
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
Spyware
Injector
Df5z63gy0eKhdrqz.exe
2026-05-20T22:35:54.701
malicious
Windows Exe (x86-32)
SHA256: dc7b1e1abe159e148fac0f724e5762582d29fea2b154e96500a91c368c354b00
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       Tries to read cached credentials of various applications
5/5       Combination of other detections shows multiple input capture behaviors
5/5       VIPKeylogger configuration was extracted
4/5       Modifies Windows Defender configuration
4/5       Malicious content matched by YARA rules
3/5       Suspicious content matched by YARA rules
3/5       Monitors keyboard input
3/5       Takes screenshot
3/5       Reads installed applications
3/5       Sends data via a Telegram bot
2/5       Searches for sensitive mail data
2/5       Searches for sensitive browser data
2/5       Delays execution
2/5       Suspicious content matched by YARA rules
2/5       Reads sensitive mail data
1/5       Enables process privileges
1/5       Creates process with hidden window
1/5       Query OS Information
1/5       Accesses Microsoft Security Software registry keys
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Checks external IP address
1/5       Content matched by YARA rules
1/5       Obfuscates control flow
1/5       Installs system startup script or application
1/5       Creates mutex
1/5       Enumerates running processes
Spyware