URLhaus Database

You are currently viewing the URLhaus database entry for http://208.67.105.179/endyzx.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	2264613
URL:	http://208.67.105.179/endyzx.exe
URL Status:	Offline
Host:	208.67.105.179
Date added:	2022-08-04 05:08:04 UTC
Last online:	2023-01-19 16:XX:XX UTC
Threat:	Malware download
Reporter:	zbetcheckin
Abuse complaint sent (?):	Yes (2022-08-04 05:09:05 UTC to abuse{at}serverion[dot]com)
Takedown time:	5 months, 18 days, 11 hours, 23 minutes (down since 2023-01-19 16:32:30 UTC)
Tags:	32 AgentTesla exe SnakeKeylogger

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2022-08-14	n/a	exe	5d34dd7aee32b5be52e75de5786c332a3e6003f96f219c170ec43516d8019f5c	n/a		SnakeKeylogger
2022-08-12	n/a	exe	555e12af16c39adccc3f6854f88ab65b8006614b146c92096756eeca62412d4d	n/a		AgentTesla
2022-08-11	n/a	exe	7c5b1799b53738afdacfd81f6ecfa62e11009efb5a17be9616b72486113ffb91	n/a		AgentTesla
2022-08-11	n/a	exe	7770e8dfa978c37240f0f926eaa4953cfc121b3d9e38e10ac59d54db65d938ac	n/a		AgentTesla
2022-08-11	n/a	exe	572b1b24e7cab4dabf54e14745b39a6e796a2eb495014821b3878ea69196dae4	n/a		AgentTesla
2022-08-11	n/a	exe	d3d0df85c85253328af94bee554e9e5d98f40b63aa6dda048b286fc0f9005efc	n/a		SnakeKeylogger
2022-08-10	n/a	exe	39a5752c41ffb369111d8be2da8e65526c54cb13a05e80537af0195d1910d6de	36.62%		SnakeKeylogger
2022-08-05	n/a	exe	0f1ce7ad3b5641a232629c5d519e044f680d8fc019f264e2a336c56ef1a8f976	36.62%		SnakeKeylogger
2022-08-04	n/a	exe	96a016bd56788ea8881e423f3d718318d84ee3007c7980617bc17cb078192037	n/a		SnakeKeylogger
2022-08-04	n/a	exe	3d46d3d37421f6cdfe97a98887e2dfe348e209b419474a96190ecda195aac70c	42.25%		SnakeKeylogger