Threat Feed
http://49.51.43.12/v3/signin/identifier?flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ASfE1-o9wV0XYtYrIXOhM0tnh4zEtNnto5eejBdjmDNFR1A9TxEMWSzfGJSCP6tf2l9DfOJOyZ4Z5Q&dsh=S-1240144837%3A1771356914854005
2026-02-17T20:49:22.484
malicious
URL
SHA256:
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections indicates a phishing website
4/5       Phishing page detected via Machine Learning
2/5       Branded Logon form detected via Computer Vision
2/5       Page uses exact same title as that of a popular online service
1/5       Branding image detected via Computer Vision
1/5       Page presents itself as a logon page
1/5       HTTPS page insecurely loads resources via HTTP
1/5       Content matched by YARA rules
1/5       Page uses exact favicon of a popular online service
Phishing
bCQaWLrxyJ7fI8WV.exe
2026-02-17T20:48:17.332
malicious
Windows Exe (x86-32)
SHA256: d85f52f9de09dd9db734ebbb0ba2f3816112b9bdae6c422fb766eb352f87cce4
VMRay Threat Identifiers
Severity  Operation
4/5       Writes into the memory of another process
4/5       Rename system utilities
3/5       Suspicious content matched by YARA rules
3/5       Executes code with kernel privileges
3/5       Modifies native system functions
2/5       Reads network configuration
2/5       Deletes file after execution
2/5       Reads network adapter information
2/5       Tries to detect virtual machine
2/5       Creates an unusually large number of processes
2/5       Sets up server that accepts incoming connections
2/5       Makes direct system call to possibly evade hooking based monitoring
2/5       Sends control codes to a driver
2/5       Hijack installed services
2/5       Searches for sensitive browser data
1/5       Connects to remote host
1/5       Downloads file
1/5       Installs kernel driver
1/5       Content matched by YARA rules
1/5       Enables process privileges
1/5       Resolves API functions dynamically
1/5       Overwrites code
1/5       Installs system service
1/5       Creates mutex
1/5       Enumerates running processes
1/5       Modifies application directory
1/5       Drops PE file
1/5       Loads a dropped DLL
1/5       The binary file was created with a packer
1/5       Executes dropped PE file
1/5       Changes personalization-related browser settings
1/5       Reads from memory of another process
1/5       Reads mouse position
1/5       Query OS Information
1/5       Modifies operating system directory
1/5       Creates process with hidden window
1/5       Checks external IP address
1/5       Performs DNS request
Injector
0HaOmB0yjoYNRX2H.exe
2026-02-17T20:47:11.068
malicious
Windows Exe (x86-64)
SHA256: 9497fe0566507fe3d2aae88271a102cd4bf1a6a45f293f9fe63a299abfbb6de1
VMRay Threat Identifiers
Severity  Operation
4/5       Modifies control flow of another process
4/5       Modifies Windows Defender configuration
4/5       Writes into the memory of another process
3/5       Modifies native system functions
2/5       Schedules task
1/5       Reads from memory of another process
1/5       Resolves API functions dynamically
1/5       Overwrites code
1/5       Drops PE file
1/5       Creates a page with write and execute permissions
1/5       Executes dropped PE file
1/5       Enumerates running processes
1/5       Creates process with hidden window
1/5       Enables process privileges
1/5       Creates mutex
Injector
yowMkYXbEEhWMZPx.exe
2026-02-17T20:46:20.572
malicious
Windows Exe (x86-64)
SHA256: 63570535f603d88269c29c348dc38049e85c54e26bb06eccfeb92335c3bc130f
VMRay Threat Identifiers
Severity  Operation
4/5       Modifies control flow of another process
4/5       Modifies Windows Defender configuration
4/5       Writes into the memory of another process
3/5       Modifies native system functions
2/5       Schedules task
1/5       Reads from memory of another process
1/5       Resolves API functions dynamically
1/5       Overwrites code
1/5       Drops PE file
1/5       Creates a page with write and execute permissions
1/5       Executes dropped PE file
1/5       Enumerates running processes
1/5       Creates process with hidden window
1/5       Enables process privileges
1/5       Creates mutex
Injector
QbWEapAk8fxwmRaw.exe
2026-02-17T20:30:51.693
malicious
Windows Exe (x86-64)
SHA256: c2b8658105ac27484e01e275cc3710c4b5319c858f1484b331a749c70b8e397a
VMRay Threat Identifiers
Severity  Operation
4/5       Modifies control flow of another process
4/5       Modifies Windows Defender configuration
4/5       Writes into the memory of another process
3/5       Modifies native system functions
2/5       Delays execution
2/5       Schedules task
1/5       Modifies application directory
1/5       Executes WMI query
1/5       Resolves API functions dynamically
1/5       Overwrites code
1/5       Drops PE file
1/5       Executes dropped PE file
1/5       Creates a page with write and execute permissions
1/5       Modifies operating system directory
1/5       Enumerates running processes
1/5       Creates process with hidden window
1/5       Enables process privileges
1/5       Creates mutex
1/5       Reads from memory of another process
Injector