Threat Feed
V7cNEDiyjoI8qzWe.exe
2026-04-25T11:04:57.630
malicious
Windows Exe (x86-32)
SHA256: 1fa1ca42abac4f9bb826940e36893d4e6e2612a6cc314c490e593b2834027082
VMRay Threat Identifiers
Severity | Operation
5/5 | Tries to read cached credentials of various applications
5/5 | Malicious content matched by YARA rules
4/5 | Modifies Windows Defender configuration
4/5 | Blocks network connection to security products
4/5 | Malicious content matched by YARA rules
3/5 | Takes screenshot
2/5 | Hides files
2/5 | Reads network configuration
2/5 | Searches for sensitive browser data
2/5 | Sets up server that accepts incoming connections
2/5 | Suspicious content matched by YARA rules
1/5 | Creates mutex
1/5 | A monitored process crashed
1/5 | Performs DNS request
1/5 | Connects to remote host
1/5 | Modifies operating system directory
1/5 | Checks external IP address
1/5 | Content matched by YARA rules
1/5 | Installs system startup script or application
1/5 | Query OS Information
1/5 | Enables process privileges
1/5 | Creates process with hidden window
Spyware
MCqqFkAwgNdQj2vE.exe
2026-04-25T11:04:28.651
malicious
Windows Exe (x86-32)
SHA256: 835093d1cf4f912451b21712c726c5f418f7edd4b839f37b4bacde9cd8853930
VMRay Threat Identifiers
Severity | Operation
5/5 | Combination of other detections shows multiple input capture behaviors
4/5 | Modifies Windows Defender configuration
3/5 | Bypasses PowerShell execution policy
3/5 | Sends data via a Telegram bot
3/5 | Monitors keyboard input
2/5 | Collects hardware properties
2/5 | Queries OS info via WMI
2/5 | Schedules task
1/5 | Enables process privileges
1/5 | Accesses volumes directly
1/5 | Creates mutex
1/5 | Enumerates running processes
1/5 | Creates process with hidden window
1/5 | Performs DNS request
1/5 | Connects to remote host
1/5 | Resolves API functions dynamically
1/5 | Query OS Information
Spyware
hNRvry5uz4vSmaw3.exe
2026-04-25T11:03:47.683
malicious
Windows Exe (x86-32)
SHA256: 88f237e53e07862aa68077f51adfd798b6adce45eef0748fcda088a39f9615fb
VMRay Threat Identifiers
Severity | Operation
5/5 | Tries to read cached credentials of various applications
5/5 | Malicious content matched by YARA rules
4/5 | Blocks network connection to security products
4/5 | Malicious content matched by YARA rules
4/5 | Modifies Windows Defender configuration
3/5 | Deletes file after execution
3/5 | Takes screenshot
2/5 | Reads network configuration
2/5 | Searches for sensitive browser data
2/5 | Sets up server that accepts incoming connections
2/5 | Suspicious content matched by YARA rules
2/5 | Hides files
2/5 | Queries OS info via WMI
2/5 | Collects hardware properties
2/5 | Deletes file after execution
2/5 | Reads sensitive browser data
1/5 | Installs system startup script or application
1/5 | Query OS Information
1/5 | Modifies operating system directory
1/5 | Creates process with hidden window
1/5 | Enables process privileges
1/5 | Performs DNS request
1/5 | Connects to remote host
1/5 | Checks external IP address
1/5 | Content matched by YARA rules
1/5 | Creates mutex
Spyware
7MC7Menb204RU7IY.exe
2026-04-25T11:03:04.525
malicious
Windows Exe (x86-32)
SHA256: 2465f1d506ed383f064a1f1bdac1d882830b8f75477faa1284c65198192676cc
VMRay Threat Identifiers
Severity | Operation
5/5 | Malicious content matched by YARA rules
5/5 | Tries to read cached credentials of various applications
5/5 | UmbralStealer configuration was extracted
4/5 | Modifies Windows Defender configuration
4/5 | Blocks network connection to security products
4/5 | Malicious content matched by YARA rules
3/5 | Takes screenshot
3/5 | Suspicious content matched by YARA rules
2/5 | Suspicious content matched by YARA rules
2/5 | Sets up server that accepts incoming connections
2/5 | Reads network configuration
2/5 | Hides files
2/5 | Searches for sensitive browser data
1/5 | Installs system startup script or application
1/5 | Query OS Information
1/5 | Modifies operating system directory
1/5 | Enables process privileges
1/5 | Creates process with hidden window
1/5 | Performs DNS request
1/5 | Connects to remote host
1/5 | Creates mutex
Spyware
mKFJWKRdCwx79NEK.exe
2026-04-25T11:02:12.954
malicious
Windows Exe (x86-32)
SHA256: 7782a5899de17568d9d595ca4f66b57cfd072b2d7072d44d502d4fc1cad46c28
VMRay Threat Identifiers
Severity | Operation
4/5 | Loads a dropped DLL into a system binary
4/5 | Rename system utilities
3/5 | All network connection attempts failed
1/5 | Modifies operating system directory
1/5 | Resolves API functions dynamically
1/5 | Installs system service
1/5 | Drops PE file
1/5 | Loads a dropped DLL
1/5 | Executes dropped PE file
1/5 | Creates process with hidden window
1/5 | Timestamp manipulation
1/5 | Creates mutex
1/5 | Performs DNS request