URLhaus Database

You are currently viewing the URLhaus database entry for http://37.139.129.142/htdocs/NfBxTDAoPkCYMzA.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2276021
URL:	http://37.139.129.142/htdocs/NfBxTDAoPkCYMzA.exe
URL Status:	Offline
Host:	37.139.129.142
Date added:	2022-08-23 11:13:29 UTC
Last online:	2022-08-31 16:XX:XX UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2022-08-23 11:14:05 UTC to abuse{at}neterra[dot]net)
Takedown time:	8 days, 5 hours, 12 minutes (down since 2022-08-31 16:26:50 UTC)
Tags:	exe Formbook NanoCore opendir

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2022-08-30	n/a	exe	375d1a9b98531aaaf0d05ad0c23f5ddca52ec2bbd4d2abeeeab58d03f8d8b630	74.29%	Formbook
2022-08-27	n/a	exe	22a19734326aad3f8a2321db66c0a5c992665391b6b43da3764ae440ee41305f	67.61%
2022-08-27	n/a	exe	0c1f11ad6848bee69954157b8b05d2e17a1256c9ceea893900ce101cadbd3ed5	n/a
2022-08-23	n/a	exe	e5399dab77ba2ed72dd552db92b7cc0066142e017d82c8de1f0dcbfc21fec24f	82.86%	NanoCore
2022-08-23	n/a	exe	04153178e5f9f669cd1c89d653d45a0431d46ff5e9dc6128522bc02aacdb9895	43.48%