URLhaus Database

You are currently viewing the URLhaus database entry for http://185.157.160.147:4444/cs.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	1605311
URL:	http://185.157.160.147:4444/cs.exe
URL Status:	Offline
Host:	185.157.160.147
Date added:	2021-09-09 13:31:04 UTC
Last online:	2021-09-21 01:XX:XX UTC
Threat:	Malware download
Reporter:	zbetcheckin
Abuse complaint sent (?):	Yes (2021-09-09 13:32:02 UTC to abuse{at}ovpn[dot]com)
Takedown time:	11 days, 12 hours, 21 minutes (down since 2021-09-21 01:53:26 UTC)
Tags:	32 AsyncRAT bitrat exe

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2021-09-16	n/a	exe	79faf94d8584a319520105b4e473768b522d7e51b3dcc2ac585138bdcf7694f1	35.82%	AsyncRAT
2021-09-15	n/a	exe	20be57520768269d20238fc8cc6e7b518589dcb26de568abc25af9101f76d179	20.00%	AsyncRAT
2021-09-15	n/a	exe	789c3bbb7e4017ec21245a5fc247f62ff2922309f2b20033b871401af04027b2	15.62%
2021-09-14	n/a	exe	0a975dd0ed5ad0c5be58ca6ed4c1fc01a3cab3b4322b49c786354ca0335dce1b	38.46%	AsyncRAT
2021-09-13	n/a	exe	e8f140047cc5a51e9d3850cf659d043c109b75ecb3a584946ad225328200ab86	n/a	BitRAT
2021-09-09	n/a	exe	a2e507885670e4e696c1c7815fe33a0173f03c8f2d109cc9ceb723d347cd8e65	37.31%	AsyncRAT