Threat Feed
QuasarRAT.exe
2026-06-23T17:00:02.211
malicious
Windows Exe (x86-32)
SHA256: e45497746ec8e85c6775af9e03ac001e691017773d081bd3aeb5df09f3e3afaa
VMRay Threat Identifiers
Severity  Operation
5/5       QuasarRAT configuration was extracted
5/5       Malicious content matched by YARA rules
5/5       Combination of other detections shows multiple input capture behaviors
3/5       Monitors keyboard input
3/5       Injects a file into another process
3/5       Obscures a file's origin
2/5       Schedules task
1/5       Tries to connect using an uncommon port
1/5       Performs DNS request
1/5       Creates mutex
1/5       Creates process with hidden window
1/5       Queries system time
1/5       Enables process privileges
1/5       Query OS Information
1/5       Connects to remote host
Spyware
Backdoor
transferencia interbancaria (BBVA).exe
2026-06-23T16:49:17.237
malicious
Windows Exe (x86-32)
SHA256: ca0d6b04fc3b7229e6379ad31799338a552a75f9c5b160cfee4678f88a4500fc
VMRay Threat Identifiers
Severity  Operation
5/5       Malicious content matched by YARA rules
5/5       XWorm configuration was extracted
4/5       Modifies control flow of another process
4/5       Writes into the memory of another process
4/5       Process Hollowing
3/5       Tries to detect the presence of antivirus software
3/5       Performs DNS request for known DDNS domain
2/5       Collects hardware properties
2/5       Queries OS info via WMI
1/5       Performs DNS request
1/5       Enumerates running processes
1/5       Connects to remote host
1/5       Tries to connect using an uncommon port
1/5       Content matched by YARA rules
1/5       Reads from memory of another process
1/5       Resolves API functions dynamically
1/5       Creates process with hidden window
1/5       Queries system time
1/5       Creates mutex
1/5       Creates a page with write and execute permissions
1/5       Enables process privileges
Spyware
Injector
ANmWWP3WYlHovSns.exe
2026-06-23T16:49:10.733
malicious
Windows Exe (x86-64)
SHA256: 692f916e2ab8b72c622e664fa7fc356b41fbeec41fa30756176bdf5282a4ebde
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows multiple input capture behaviors
4/5       Malicious content matched by YARA rules
3/5       Tries to detect the presence of antivirus software
3/5       Captures clipboard data
3/5       Takes screenshot
2/5       Delays execution
2/5       Queries OS info via WMI
2/5       Collects hardware properties
2/5       Queries a host's domain name
2/5       Makes direct system call to possibly evade hooking based monitoring
1/5       Resolves API functions dynamically
1/5       Creates process with hidden window
1/5       Accesses Microsoft Security Software registry keys
1/5       Downloads file
1/5       Tries to connect using an uncommon port
1/5       URL contains a TLD highly associated with phishing
1/5       Unusual large memory allocation
1/5       Query Firmware Information
Spyware
4aJfjRHWfP1CQ451.exe
2026-06-23T16:48:15.529
malicious
Windows Exe (x86-32)
SHA256: c426ac07fa9135ddba5c1b94af8d57e4c9210612584e0be3a5967fb82286ff7e
VMRay Threat Identifiers
Severity  Operation
5/5       Tries to read cached credentials of various applications
4/5       Malicious content matched by YARA rules
3/5       Suspicious content matched by YARA rules
2/5       Searches for sensitive browser data
2/5       Reads sensitive browser data
2/5       Tries to detect application sandbox
2/5       Tries to detect virtual machine
2/5       Tries to detect analyzer sandbox
2/5       Collects hardware properties
2/5       Network configuration discovery
2/5       Deletes file after execution
2/5       Collects BIOS properties
2/5       Sets up server that accepts incoming connections
1/5       Enumerates running processes
1/5       Performs DNS request
1/5       Resolves API functions dynamically
1/5       Connects to remote host
1/5       Creates process with hidden window
1/5       Enables process privileges
1/5       Query OS Information
1/5       Reads system data
1/5       Queries system time
Spyware
gGEBhhsMc2BZlLCP.exe
2026-06-23T16:47:54.869
malicious
Windows Exe (x86-32)
SHA256: 7f79ddfa12a8079246d75fe301862291ec49cc465c3d274102508404239f26f9
VMRay Threat Identifiers
Severity  Operation
5/5       Combination of other detections shows configuration discovery
5/5       Combination of other detections shows multiple input capture behaviors
4/5       Event Triggered Execution
4/5       Loads a dropped DLL into a system binary
4/5       Malicious content matched by YARA rules
3/5       Modifies native system functions
3/5       Reads installed applications
3/5       Suspicious content matched by YARA rules
3/5       Takes screenshot
3/5       Tries to detect the presence of antivirus software
2/5       Collects hardware properties
2/5       Searches for cryptocurrency wallet locations
2/5       Searches for sensitive browser data
2/5       Enumerates running processes
2/5       Network configuration discovery
2/5       Suspicious content matched by YARA rules
2/5       Signed executable failed signature validation
2/5       Queries OS info via WMI
2/5       Schedules task
2/5       Searches for sensitive application data
2/5       Searches for sensitive mail data
2/5       Reads sensitive mail data
2/5       Searches for sensitive FTP data
2/5       Searches for sensitive remote access configuration data
2/5       Searches for sensitive password manager data
1/5       Creates mutex
1/5       Modifies application directory
1/5       Performs DNS request
1/5       Connects to remote host
1/5       Tries to connect using an uncommon port
1/5       Checks external IP address
1/5       Content matched by YARA rules
1/5       Resolves API functions dynamically
1/5       Overwrites code
1/5       Drops PE file
1/5       Loads a dropped DLL
1/5       Executes WMI query
1/5       Creates process with hidden window
1/5       Installs system startup script or application
1/5       Modifies operating system directory
1/5       Enables process privileges
1/5       Queries system time
1/5       Query OS Information
1/5       Writes an unusually large amount of data to the registry
1/5       Enumerates running processes
1/5       Reads system data
1/5       Possibly does reconnaissance
1/5       Accesses volumes directly
1/5       Reads from memory of another process
Spyware