URLhaus Database

You are currently viewing the URLhaus database entry for http://183.110.79.42:8/buff.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry




ID:144217
URL: http://183.110.79.42:8/buff.exe
URL Status:Offline
Host: 183.110.79.42
Date added:2019-02-24 18:44:07 UTC
Last online:2019-03-23 05:XX:XX UTC
Threat:Malware download Malware download
Reporter: shotgunner101
Abuse complaint sent (?): Yes (2019-02-24 18:46:02 UTC to kornet_ip{at}kt[dot]com)
Takedown time:26 days, 10 hours, 59 minutes Bad (down since 2019-03-23 05:45:38 UTC)
Tags:exe payload stage2

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2019-03-20buff.exe;exe 813434ec5ac84ef910c741a71e1d3f987a80594f0aa840f109e77c713523c535n/a 
2019-03-13buff.exe;exe e3eb1538c145cc301fba7b2e3648a91116f3e210567373205afc850c863d1bb3n/a 
2019-03-13buff.exe;exe b0c359c10f00a6ecb193f3f072f3782abce6d976f15fb93df728cbb70d39cbd0n/a 
2019-03-12buff.exe;exe e7864548ed0a7baef038a922c056bc16c3f4b1fd5bbd7df4fd5814e9f9352d17n/a 
2019-03-11buff.exe;exe 39b4af8f39ebd4feb2ada7e5d53671ed44171f5859af85554da660db7df1a575n/a 
2019-03-07buff.exe;exe 49403e4e59be74a82d3d03a5a783be49579e43c2e2ac8ace8583f68af8691b75n/a 
2019-03-01buff.exe;exe 6a8dde45812fd86015f5189d44bd503db951295e9cbbb6308d651aae29aa9766n/a 
2019-02-24buff.exe;exe bae2b92fd872d4a6d54c92da94497c1b444d3b4485291d56c45ecbe734ccf8b3Virustotal results 58.46%