Threat Feed
https://usc1.contabostorage.com/be6dfdc1dc04432f81e1265debc2fa11:micr0/excel.html#x@x.com
2026-06-12T16:55:07.711
malicious
URL
SHA256:
VMRay Threat Identifiers
Severity  Operation
5/5       TelegramPhishkit configuration was extracted
5/5       Combination of other detections indicates a phishing website
4/5       Phishing page detected via Machine Learning
4/5       Malicious content matched by YARA rules
3/5       Dynamically loads branding image via third-party API
3/5       Suspicious content matched by YARA rules
1/5       Page secured via a Domain Validated SSL certificate
1/5       Page presents itself as a logon page
1/5       Logon form detected via Computer Vision
1/5       URL contains email address
1/5       Page contains clickables with luring keywords
1/5       Page contains a form with unusual text spacing
Phishing
file_b92525972d65ba7f.exe
2026-06-12T16:52:12.333
malicious
Windows Exe (x86-64)
SHA256: 8b6d087dc70aa52e70ddc2d7541b8cada0572ad783cd6967ba103bf158371085
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows multiple input capture behaviors
4/5       Malicious content matched by YARA rules
3/5       Captures clipboard data
3/5       Tries to detect the presence of antivirus software
3/5       Takes screenshot
3/5       Modifies native system functions
2/5       Deletes file after execution
2/5       Collects hardware properties
2/5       Queries a host's domain name
2/5       Makes direct system call to possibly evade hooking based monitoring
2/5       Queries OS info via WMI
1/5       Executes dropped PE file
1/5       Creates process with hidden window
1/5       Performs DNS request
1/5       Downloads file
1/5       Tries to connect using an uncommon port
1/5       Content matched by YARA rules
1/5       Reads from memory of another process
1/5       Resolves API functions dynamically
1/5       Creates a page with write and execute permissions
1/5       Tries to detect debugger
1/5       Enumerates running processes
1/5       Drops PE file
1/5       Query Firmware Information
Spyware
0z9uH05aYBsKrXMu.exe
2026-06-12T16:47:19.731
malicious
Windows Exe (x86-32)
SHA256: 42ff72f16518adca208770c61efa388c4437c27872e0cb41f4a501db7d7895e0
VMRay Threat Identifiers
Severity  Operation
5/5       SalatStealer configuration was extracted
5/5       Malicious content matched by YARA rules
5/5       Tries to read cached credentials of various applications
5/5       Known malicious mutex name is created
5/5       Combination of other detections shows configuration discovery
4/5       Creates a Process with redirected Input
3/5       Takes screenshot
2/5       Reads sensitive browser data
2/5       Searches for sensitive browser data
2/5       Sets up server that accepts incoming connections
2/5       Suspicious content matched by YARA rules
2/5       Schedules task
2/5       Collects hardware properties
2/5       Queries OS info via WMI
2/5       Reads network adapter information
2/5       Searches for sensitive application data
1/5       Timestamp manipulation
1/5       Content matched by YARA rules
1/5       Performs DNS request
1/5       Reads system data
1/5       Unusual large memory allocation
1/5       Modifies application directory
1/5       Accesses Microsoft Security Software registry keys
1/5       Possibly does reconnaissance
1/5       Creates process with hidden window
1/5       A monitored process crashed
1/5       Drops PE file
1/5       Enumerates running processes
1/5       Executes dropped PE file
1/5       Resolves API functions dynamically
Spyware
RE NEW ORDER PO-2604-0025 LABS AKCT-18950-0321876 20260611.js
2026-06-12T16:45:26.822
malicious
JScript
SHA256: 1b0ca10700c0ebe855b547cab1499d1846dc51a3126b630be18c38382d9289b9
VMRay Threat Identifiers
Severity  Operation
5/5       Monitors keyboard input
5/5       Tries to read cached credentials of various applications
5/5       Injected process sets up server that accepts incoming connections
5/5       Combination of other detections shows multiple input capture behaviors
5/5       PhantomStealer configuration was extracted
5/5       Malicious content matched by YARA rules
4/5       Tries to detect the presence of antivirus software
4/5       Writes into the memory of another process
4/5       Malicious content matched by YARA rules
4/5       Connects to SMTP server
4/5       Process Hollowing
4/5       Reads from memory of another process
3/5       Bypasses PowerShell execution policy
3/5       Reads sensitive mail data
3/5       Suspicious content matched by YARA rules
2/5       Searches for sensitive browser data
2/5       Performs DNS request
2/5       Enables process privileges
2/5       Installs system startup script or application
2/5       Checks external IP address
2/5       Drops PE file
2/5       Suspicious content matched by YARA rules
2/5       Executes PowerShell without default profile
2/5       Collects hardware properties
2/5       Searches for sensitive mail data
2/5       Possibly does reconnaissance
2/5       Executes dropped PE file
2/5       Reads network adapter information
2/5       Queries OS info via WMI
1/5       Connects to remote host
1/5       Query OS Information
1/5       Creates mutex
1/5       Executes WMI query
1/5       Accesses Microsoft Security Software registry keys
1/5       Content matched by YARA rules
Spyware
Backdoor
Keylogger
Injector
Reporte_Nomina_12062026.xls.jse
2026-06-12T16:45:17.210
malicious
JScript
SHA256: 5251ee3870384c5252037d2f4d9a192de2c541dfffb1006af1e242bf1161a5e3
VMRay Threat Identifiers
Severity  Operation
5/5       Tries to read cached credentials of various applications
5/5       Injected process sets up server that accepts incoming connections
5/5       Combination of other detections shows configuration discovery
4/5       Tries to detect application sandbox
4/5       Writes into the memory of another process
4/5       Process Hollowing
4/5       Reads from memory of another process
3/5       Bypasses PowerShell execution policy
3/5       Classifies external IP address
3/5       Reads sensitive browser data
3/5       Reads sensitive mail data
2/5       Reads network adapter information
2/5       Executes PowerShell without default profile
2/5       Searches for sensitive browser data
2/5       Queries OS info via WMI
2/5       Performs DNS request
2/5       Tries to connect using an uncommon port
2/5       Suspicious content matched by YARA rules
2/5       Searches for sensitive mail data
2/5       Enables process privileges
2/5       Possibly does reconnaissance
2/5       Collects hardware properties
1/5       Enumerates running processes
1/5       Connects to remote host
1/5       Accesses Microsoft Security Software registry keys
1/5       Query OS Information
Spyware
Backdoor
Injector