Threat Feed | Online Malware Sandbox

Windows Exe (x86-32)

0f1425848b9b390461924a03c4c9bac804cf1f9694ea6.exe

malicious

SHA256: 0f1425848b9b390461924a03c4c9bac804cf1f9694ea66469d3222b730a816b5

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

5/5

Remcos configuration was extracted

2/5

Delays execution

1/5

Creates mutex

1/5

Tries to connect using an uncommon port

1/5

Resolves API functions dynamically

1/5

Connects to remote host

1/5

Query OS Information

1/5

Installs system startup script or application

Backdoor

https://zzzaa.pages.dev

2026-03-02T20:29:40.260

URL

https://zzzaa.pages.dev

malicious

SHA256:

VMRay Threat Identifiers

Severity

Operation

5/5

TelegramPhishkit configuration was extracted

4/5

Malicious content matched by YARA rules

2/5

Page is served from a service commonly used for temporary hosting

1/5

Resource is loaded from a service commonly used for temporary hosting

1/5

URL contains a TLD highly associated with phishing

1/5

Page presents itself as a logon page

Phishing

https://www.roblox.com.gl/users/283691566284/profile

2026-03-02T20:29:36.184

URL

Phishing

https://bafybeiaq5pqhvhu6nyuftch27nbebo6ppqg7nrnxuh2isgoggyqgk4eoxy.ipfs.dweb.link/cPweb37.html

2026-03-02T20:29:13.140

URL

Phishing

https://qrco.de/bgd10y

2026-03-02T20:28:28.915

URL

Phishing