Threat Feed
Vessel Particulars.js
2026-07-11T16:51:29.487
malicious
JScript
Close
Vessel Particulars.js
malicious
SHA256:
a74a948afc694949bf99f9bee9215cc759c082cded0ab1b8f6be345630bfd81e
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Malicious content matched by YARA rules
5/5
Combination of other detections shows configuration discovery
5/5
Agent Tesla configuration was extracted
4/5
Process Hollowing
4/5
Connects to SMTP server
4/5
Writes into the memory of another process
4/5
Reads from memory of another process
3/5
Bypasses PowerShell execution policy
3/5
Reads sensitive mail data
3/5
Reads sensitive browser data
2/5
Performs DNS request
2/5
Searches for sensitive browser data
2/5
Suspicious content matched by YARA rules
2/5
Executes PowerShell with hidden window
2/5
Executes PowerShell without default profile
2/5
Searches for sensitive mail data
2/5
Enables process privileges
2/5
Possibly does reconnaissance
2/5
Searches for sensitive FTP data
2/5
Searches for sensitive application data
2/5
Queries OS info via WMI
2/5
Collects hardware properties
2/5
Reads network adapter information
2/5
Enumerates running processes
1/5
Enumerates running processes
1/5
Connects to remote host
1/5
Content matched by YARA rules
1/5
Query OS Information
1/5
Accesses Microsoft Security Software registry keys
Spyware
Injector
zaO5IjDLRIKdeRVg.exe
2026-07-11T16:47:40.409
malicious
Windows Exe (x86-32)
Close
zaO5IjDLRIKdeRVg.exe
malicious
SHA256:
c6990bdf1c81ef754eaa7eee1fd040a9ffd008ceff740b1bbd59ae4f696f2ad6
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Malicious content matched by YARA rules
5/5
Known malicious mutex name is created
5/5
Tries to read cached credentials of various applications
5/5
Combination of other detections shows configuration discovery
5/5
SalatStealer configuration was extracted
3/5
Takes screenshot
2/5
Collects hardware properties
2/5
Sets up server that accepts incoming connections
2/5
Delays execution
2/5
Suspicious content matched by YARA rules
2/5
Queries OS info via WMI
2/5
Schedules task
2/5
Reads network adapter information
2/5
Searches for sensitive application data
2/5
Searches for cryptocurrency wallet locations
2/5
Searches for sensitive browser data
1/5
Content matched by YARA rules
1/5
Resolves API functions dynamically
1/5
A monitored process crashed
1/5
Drops PE file
1/5
Executes dropped PE file
1/5
Timestamp manipulation
1/5
Queries system time
1/5
Modifies application directory
1/5
Reads system data
1/5
Creates process with hidden window
1/5
Enumerates running processes
1/5
Possibly does reconnaissance
1/5
Accesses Microsoft Security Software registry keys
1/5
Performs DNS request
1/5
Unusual large memory allocation
Spyware
L8r8wx2Bfh8IKLln.html
2026-07-11T16:44:18.583
malicious
HTML Document
Close
L8r8wx2Bfh8IKLln.html
malicious
SHA256:
46dd6883b60324f956d2feaf797731badeee02665dfcbfa4bdbca0d5f99f799f
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Combination of other detections indicates a phishing website
2/5
Page uses exact same title as that of a popular online service
2/5
The HTML file contains logon form
2/5
Branded Logon form detected via Computer Vision
1/5
Page presents itself as a logon page
Phishing
QuickFetch.exe
2026-07-11T16:39:42.749
malicious
Windows Exe (x86-64)
Close
QuickFetch.exe
malicious
SHA256:
13ef08faa437a06751eedeb6ba64c1d0edcfb8d381524855cc86b12d9220bbca
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Combination of other detections shows configuration discovery
5/5
Malicious content matched by YARA rules
5/5
Combination of other detections shows multiple input capture behaviors
3/5
Takes screenshot
3/5
Modifies native system functions
3/5
Bypasses PowerShell execution policy
3/5
Reads installed applications
2/5
Searches for sensitive application data
2/5
Executes PowerShell without default profile
2/5
Signed executable failed signature validation
2/5
Executes PowerShell with hidden window
2/5
Searches for cryptocurrency wallet locations
2/5
Searches for sensitive browser data
2/5
Searches for sensitive remote access configuration data
2/5
Searches for sensitive password manager data
2/5
Deletes file after execution
2/5
Collects hardware properties
2/5
Queries OS info via WMI
2/5
Modifies control flow of a process started from a created or modified executable
1/5
Executes downloaded executable
1/5
Performs DNS request
1/5
Tries to detect debugger
1/5
Enumerates running processes
1/5
Reads from memory of another process
1/5
Queries system time
1/5
Creates a page with write and execute permissions
1/5
Possibly does reconnaissance
1/5
Accesses Microsoft Security Software registry keys
1/5
Creates mutex
1/5
Creates process with hidden window
1/5
Connects to remote host
1/5
Tries to connect using an uncommon port
1/5
Checks external IP address
1/5
Content matched by YARA rules
1/5
Resolves API functions dynamically
1/5
A monitored process crashed
1/5
Drops PE file
1/5
Executes dropped PE file
1/5
Downloads executable
Spyware
Downloader
ru6krpGCiIlkR9lK.html
2026-07-11T16:37:14.853
malicious
HTML Document
Close
ru6krpGCiIlkR9lK.html
malicious
SHA256:
c7de1afd6a06cf408446095fff8d765bcd67bc4e5a817531ebf016707010f5b4
VMRay Threat Identifiers
Close
Severity
Operation
5/5
Malicious content matched by YARA rules
4/5
Possible Pastejacking attempt
2/5
Embedded URL does not use standard port
1/5
Logon form detected via Computer Vision
1/5
URL contains a TLD highly associated with phishing
1/5
Page contains clickables with luring keywords
Downloader