Threat Feed
2KfMCG5Ihq48TY4L.html
2026-05-16T04:37:29.663
malicious
HTML Document
SHA256: 14c115669363b02a6238ede5e23d56a4a7acffec465eff8fba1532803eb47d19
VMRay Threat Identifiers
Severity  Operation
5/5  Combination of other detections indicates a phishing website
2/5  The HTML file contains logon form
2/5  Branded Logon form detected via Computer Vision
2/5  Page uses exact same title as that of a popular online service
1/5  Page presents itself as a logon page
1/5  Branding image detected via Computer Vision
Phishing
Remittance_90523_03.exe
2026-05-16T04:36:18.901
malicious
Windows Exe (x86-32)
SHA256: a8bb0249e51a19d2a7c9d326c496cc4a5564c3be5389cee77c292de6c1285aca
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
4/5  Writes into the memory of another process
4/5  Makes indirect system call to possibly evade hooking based monitoring
4/5  Process Hollowing
4/5  Modifies control flow of another process
4/5  Modifies Windows Defender configuration
3/5  Captures clipboard data
2/5  Modifies control flow of a process started from a created or modified executable
2/5  Delays execution
2/5  Tries to detect kernel debugger
2/5  Searches for sensitive browser data
2/5  Reads sensitive browser data
1/5  Connects to remote host
1/5  Tries to detect debugger
1/5  Enumerates running processes
1/5  Creates mutex
1/5  Accesses Microsoft Security Software registry keys
1/5  Creates process with hidden window
1/5  Reads from memory of another process
1/5  Query OS Information
1/5  Creates a page with write and execute permissions
1/5  Performs DNS request
Spyware
Injector
LMmQV45H3RmR0XH6.html
2026-05-16T04:35:12.613
malicious
HTML Document
SHA256: e62d2bd680214a253733c007ba479080068b6091d29242ba0c3415a714ccd901
VMRay Threat Identifiers
Severity  Operation
5/5  Malicious content matched by YARA rules
2/5  The HTML file contains logon form
1/5  Logon form detected via Computer Vision
1/5  URL contains a TLD highly associated with phishing
1/5  Page contains clickables with luring keywords
Downloader
sQHu4YWqdKz69Y8S.exe
2026-05-16T04:31:54.094
malicious
Windows Exe (x86-64)
SHA256: 1ad2bc22e39863ec3842fb255ea236a5e85d75aa039742e03e674cd6e2769993
VMRay Threat Identifiers
Severity  Operation
5/5  XMRig configuration was extracted
5/5  Malicious content matched by YARA rules
4/5  Modifies control flow of another process
4/5  Injected process sets up server that accepts incoming connections
4/5  Writes into the memory of another process
2/5  Reads network adapter information
2/5  Sets up server that accepts incoming connections
2/5  Schedules task
2/5  Collects hardware properties
2/5  Tries to detect virtual machine
2/5  Makes direct system call to possibly evade hooking based monitoring
1/5  Performs DNS request
1/5  Connects to remote host
1/5  Checks external IP address
1/5  Resolves API functions dynamically
1/5  Creates mutex
1/5  Overwrites code
1/5  Query CPU Properties
1/5  Drops PE file
1/5  Executes dropped PE file
1/5  Downloads executable
1/5  Enumerates running processes
1/5  Creates process with hidden window
1/5  Enables process privileges
1/5  Installs kernel driver
1/5  Unusual large memory allocation
1/5  Modifies operating system directory
Backdoor
Downloader
PUA
Miner
Injector
DHld7rfvuvIrbebX
2026-05-16T04:31:16.611
malicious
Linux ELF Executable (x86-64)
SHA256: d9d9c1a0f466e20e5a9a096424032fe1d2410cb2e679a3267e82b61c131630e1
VMRay Threat Identifiers
Severity  Operation
5/5  Mirai configuration was extracted
5/5  Malicious content matched by YARA rules
2/5  Installs system service
2/5  Deletes file after execution
2/5  Delays execution
2/5  Schedules task with Cron
2/5  Disables a system tool
2/5  Enumerates running processes
1/5  Starts a service
1/5  Creates hidden file or folder
1/5  Masquerades file extension
1/5  Clones process
1/5  Connects to remote host
1/5  Tries to connect using an uncommon port
Trojan
Bot