Threat Feed
EiiVKA7xXn933NFt.exe
2026-03-22T18:31:35.165
malicious
Windows Exe (x86-64)
SHA256: ef24dc91f4acff4bc40bd79962d6d2ba5eba69b77bdc396c699c3dc5b236999d
VMRay Threat Identifiers
Severity | Operation
5/5 | BlankGrabber configuration was extracted
5/5 | Malicious content matched by YARA rules
2/5 | Signed executable failed signature validation
1/5 | Content matched by YARA rules
1/5 | Loads a dropped DLL
1/5 | Timestamp manipulation
1/5 | Drops PE file
1/5 | Resolves API functions dynamically
1/5 | A monitored process crashed
Spyware
file.exe
2026-03-22T18:29:05.259
malicious
Windows Exe (x86-64)
SHA256: 9a26f4f5358b7b3cb881100f88818595df1b38af266020e64a63aafa8b533466
VMRay Threat Identifiers
Severity | Operation
5/5 | Malicious content matched by YARA rules
5/5 | Combination of other detections shows multiple input capture behaviors
5/5 | Tries to read cached credentials of various applications
5/5 | Vidar configuration was extracted
4/5 | Malicious content matched by YARA rules
3/5 | Takes screenshot
3/5 | Reads installed applications
3/5 | Uses HTTP to upload a large amount of data
2/5 | Reads sensitive mail data
2/5 | Tries to detect virtual machine
2/5 | Searches for sensitive browser data
2/5 | Allows invalid SSL certificates
2/5 | Searches for sensitive mail data
2/5 | Searches for sensitive application data
1/5 | Possibly does reconnaissance
1/5 | Tries to detect debugger
1/5 | Reads system data
1/5 | URL contains a TLD highly associated with phishing
1/5 | Enumerates running processes
1/5 | Query CPU Properties
1/5 | Query OS Information
Spyware
Stealer
file.exe
2026-03-22T18:28:28.931
malicious
Windows Exe (x86-64)
SHA256: 7e1d19ec4a39f4050f2fb64c9a633f68827fa4896827ac85cffc6ee6c5814fb7
VMRay Threat Identifiers
Severity | Operation
5/5 | Vidar configuration was extracted
5/5 | Combination of other detections shows multiple input capture behaviors
5/5 | Malicious content matched by YARA rules
5/5 | Tries to read cached credentials of various applications
4/5 | Malicious content matched by YARA rules
3/5 | Uses HTTP to upload a large amount of data
3/5 | Takes screenshot
3/5 | Reads installed applications
2/5 | Reads sensitive mail data
2/5 | Searches for sensitive application data
2/5 | Tries to detect virtual machine
2/5 | Searches for sensitive browser data
2/5 | Allows invalid SSL certificates
2/5 | Searches for sensitive mail data
1/5 | Query CPU Properties
1/5 | Possibly does reconnaissance
1/5 | Query OS Information
1/5 | Reads system data
1/5 | URL contains a TLD highly associated with phishing
1/5 | Enumerates running processes
1/5 | Tries to detect debugger
Spyware
Stealer
o3T1bQiiSkoM0XET.exe
2026-03-22T18:18:51.260
malicious
Windows Exe (x86-32)
SHA256: 05ef64ac9c1f0abdb3ad9ca320c1b3aa6f9ed8d3f5fec08b5886de79e0b2e406
VMRay Threat Identifiers
Severity | Operation
5/5 | Malicious content matched by YARA rules
2/5 | Deletes file after execution
1/5 | Tries to detect debugger
1/5 | Creates a page with write and execute permissions
1/5 | Possibly does reconnaissance
1/5 | Drops PE file
1/5 | Timestamp manipulation
1/5 | Creates process with hidden window
1/5 | Drops PE masquerading Filename
1/5 | Modifies application directory
XaSrsKiIX0wILNLu.exe
2026-03-22T18:16:59.607
malicious
Windows Exe (x86-32)
SHA256: 068918b0be0219ccbf42833179617daada0bbb5f7846eb5ac999b929810e1a45
VMRay Threat Identifiers
Severity | Operation
4/5 | Rename system utilities
4/5 | Loads a dropped DLL into a system binary
3/5 | All network connection attempts failed
2/5 | Delays execution
1/5 | Installs system service
1/5 | Resolves API functions dynamically
1/5 | Drops PE file
1/5 | Loads a dropped DLL
1/5 | Creates process with hidden window
1/5 | Executes dropped PE file
1/5 | Creates mutex
1/5 | Modifies operating system directory
1/5 | Performs DNS request