Threat Feed
https://https7267-arbbgu-dot-my-project-80459kci.ew.r.appspot.com/#cmVkYWN0ZWRAaW9ub3MuY29t
2026-03-26T17:55:14.516
malicious
URL
SHA256:
VMRay Threat Identifiers
Severity | Operation
5/5 | Combination of other detections indicates a phishing website
2/5 | Page is served from a service commonly used for temporary hosting
1/5 | Page secured via a Domain Validated SSL certificate
1/5 | Suspicious page characteristics
1/5 | URL contains obfuscated email address
1/5 | URL contains a TLD highly associated with phishing
1/5 | Loads image resources from another website
1/5 | Content matched by YARA rules
1/5 | Resource is loaded from a service commonly used for temporary hosting
1/5 | Logon form detected via Computer Vision
1/5 | Page presents itself as a logon page
1/5 | Page uses exact favicon of a popular online service
Phishing
7zI4kc0Ut83eLtxX.exe
2026-03-26T17:47:19.325
malicious
Windows Exe (x86-32)
SHA256:
04d87760c4e8fd7d5f2ae326cbed77fa8f34d1fa6857cb7fb7b6f9841e321e0d
VMRay Threat Identifiers
Severity | Operation
5/5 | Malicious content matched by YARA rules
2/5 | Deletes file after execution
1/5 | Creates mutex
1/5 | Modifies operating system directory
1/5 | Unusual large memory allocation
1/5 | Installs system service
1/5 | Enumerates running processes
1/5 | Creates process with hidden window
1/5 | Modifies application directory
1/5 | Query CPU Properties
1/5 | Performs DNS request
1/5 | Connects to remote host
1/5 | Downloads file
1/5 | Tries to connect using an uncommon port
1/5 | Resolves API functions dynamically
1/5 | Query OS Information
1/5 | Creates a page with write and execute permissions
Backdoor
nhEeNOYlPSGwzsqu.exe
2026-03-26T17:47:14.567
malicious
Windows Exe (x86-64)
SHA256:
ae58402d546e15e91eea0f9fb0708e635b8e59fd13f5d80ee4f968d46a91d988
VMRay Threat Identifiers
Severity | Operation
5/5 | Malicious content matched by YARA rules
5/5 | QuasarRAT configuration was extracted
4/5 | Modifies Windows Update configuration
4/5 | Disables Windows Recovery Environment
3/5 | Monitors keyboard input
3/5 | Disables a crucial system service
3/5 | Bypasses PowerShell execution policy
3/5 | Suspicious content matched by YARA rules
2/5 | Sets up server that accepts incoming connections
2/5 | Hijack installed services
2/5 | Modifies Windows Firewall configuration
2/5 | Disables a system tool
2/5 | Reads network configuration
2/5 | Hides files
2/5 | Modifies network configuration
1/5 | Executes dropped PE file
1/5 | Timestamp manipulation
1/5 | Modifies operating system directory
1/5 | Connects to remote host
1/5 | Query OS Information
1/5 | Creates process with hidden window
1/5 | Enumerates running processes
1/5 | Creates mutex
1/5 | Installs system startup script or application
1/5 | Installs system service
1/5 | Accesses volumes directly
1/5 | Performs DNS request
1/5 | Modifies application directory
1/5 | Tries to connect using an uncommon port
1/5 | Content matched by YARA rules
1/5 | Resolves API functions dynamically
1/5 | Drops PE file
1/5 | Loads a dropped DLL
Backdoor
7ac7d052157b22283619e84a8a435788af0d21f714b3615bd523187dc6601f50.exe
2026-03-26T17:46:27.260
malicious
Windows Exe (x86-32)
SHA256:
7ac7d052157b22283619e84a8a435788af0d21f714b3615bd523187dc6601f50
VMRay Threat Identifiers
Severity | Operation
5/5 | Malicious content matched by YARA rules
5/5 | QuasarRAT configuration was extracted
4/5 | Obscures a file's origin
1/5 | Creates mutex
1/5 | Query OS Information
1/5 | Connects to remote host
1/5 | Tries to connect using an uncommon port
1/5 | Enables process privileges
Backdoor
https://tysars.cam/offatta/zT3ZLvAhEFfRZaefXtce0mNTXjz2MhWeosOp#Ac2FyYWhtQHRhbmR0LW1hdGVyaWFscy5jb20=
2026-03-26T17:38:02.653
malicious
URL
SHA256:
VMRay Threat Identifiers
Severity | Operation
5/5 | Combination of other detections indicates a phishing website
4/5 | Phishing page detected via Machine Learning
3/5 | Page contains a Microsoft logon form
2/5 | Page contains captcha and branding image
1/5 | URL contains obfuscated email address
1/5 | Checks external IP address
1/5 | Logon form detected via Computer Vision
1/5 | Content matched by YARA rules
1/5 | Branding image detected via Computer Vision
1/5 | Page presents itself as a logon page
1/5 | Page secured via a Domain Validated SSL certificate
Phishing