URLhaus Database
URLhaus tries to identify the malware associated with the payload served by a certain malware URL. In case URLhaus is able to identify the associated malware family, the payload will be tagged accordingly (field signature). The page below gives you an overview on payloads that URLhaus has identified as CastleRAT.
Database Entry
| Signature: | CastleRAT |
|---|---|
| Firstseen: | 2025-11-05 07:53:10 UTC |
| Lastseen: | 2026-01-29 09:05:14 UTC |
| Unique Payloads: | 2 |
| URLs: | 2 |
Payload
The table below shows all payloads that have been identified as CastleRAT.
| Firstseen (UTC) | SHA256 | File Type | File size | VT |
|---|---|---|---|---|
| 2026-01-29 09:05:14 | cd98020335542711e7520a2ed134aaa9ca38cc4d729f743a67190cdaabe49ecc | 3'622'255 | n/a | |
| 2025-11-05 07:53:10 | baf0f3e9f99bd2e816c3dd2f3cc3b2ad8b75185045e0311f1a8e3f041860567a | 5'411'455 |  20 / 64 (31.25) |
Number of entries displayed: 2 (max: 1'000)