Threat Feed | Online Malware Sandbox

URL

malicious

SHA256:

VMRay Threat Identifiers

Severity

Operation

5/5

Combination of other detections indicates a phishing website

4/5

Phishing page detected via Machine Learning

2/5

Branded Logon form detected via Computer Vision

2/5

Page uses exact same title as that of a popular online service

2/5

Unsecured data

1/5

Content matched by YARA rules

1/5

Branding image detected via Computer Vision

1/5

Page presents itself as a logon page

Phishing

file.exe

2026-04-21T10:24:14.205

Windows Exe (x86-64)

file.exe

malicious

SHA256: 1321e3918a1ce8f9db14582fc6a4caaed26ec3b798026c67c28a6ca3ad235c59

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

5/5

Combination of other detections shows multiple input capture behaviors

4/5

Malicious content matched by YARA rules

3/5

Takes screenshot

3/5

Tries to detect the presence of antivirus software

3/5

Captures clipboard data

2/5

Queries OS info via WMI

2/5

Queries a host's domain name

2/5

Makes direct system call to possibly evade hooking based monitoring

2/5

Collects hardware properties

1/5

Enumerates running processes

1/5

Downloads file

1/5

Tries to connect using an uncommon port

1/5

Resolves API functions dynamically

1/5

Query Firmware Information

1/5

Unusual large memory allocation

Spyware

xshsRDM8nkyKgRbF.exe

2026-04-21T10:23:12.294

Windows Exe (x86-32)

xshsRDM8nkyKgRbF.exe

malicious

SHA256: bd3de85d5b524de7a7707a7afb36d47e94a4726818cedce6f9bc4119d64878b2

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

2/5

Hides files

1/5

Possibly does reconnaissance

1/5

Content matched by YARA rules

1/5

Resolves API functions dynamically

1/5

Creates a page with write and execute permissions

1/5

Drops PE file

1/5

Modifies application directory

Virus

https://service.accrestorelab.cfd/login

2026-04-21T10:19:12.539

URL

https://service.accrestorelab.cfd/login

malicious

SHA256:

VMRay Threat Identifiers

Severity

Operation

5/5

Combination of other detections indicates a phishing website

4/5

Phishing page detected via Machine Learning

2/5

Page title matches the name of a popular online service

2/5

Branded Logon form detected via Computer Vision

1/5

Page secured via a Domain Validated SSL certificate

1/5

URL contains a TLD highly associated with phishing

1/5

Page presents itself as a logon page

1/5

Branding image detected via Computer Vision

Phishing

ROrZRLcarVaCs1cG.exe

2026-04-21T10:18:42.142

Windows Exe (x86-32)

ROrZRLcarVaCs1cG.exe

malicious

SHA256: 76c30b89295ce6b849bda712bfcc46a763082a764d956fd987bfc5bdeb3dda33

VMRay Threat Identifiers

Severity

Operation

5/5

Malicious content matched by YARA rules

3/5

Creates file(s) in the .NET assembly directory to hide them from Windows Explorer

2/5

Searches for sensitive browser data

2/5

Hides files

1/5

Resolves API functions dynamically

1/5

Creates an unusually large number of files

1/5

Creates a page with write and execute permissions

1/5

Drops PE file

1/5

Modifies application directory

1/5

Possibly does reconnaissance

1/5

Modifies operating system directory

Virus