URLhaus Database

You are currently viewing the URLhaus database entry for http://23.249.161.109/wrd/mamez.exe, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 17069
URL: http://23.249.161.109/wrd/mamez.exe
URL Status: Offline
Host: 23.249.161.109
Date added: 2018-06-11 04:45:10 UTC
Threat: Malware download
Google Safe Browsing: Clean
Spamhaus DBL: Unknown
SURBL: Not listed
Reporter: @lovemalware
Abuse complaint sent: Yes (2018-06-11 10:45:40 UTC to support{at}vpsace[dot]com)
Tags: exe, Formbook, Pony

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
