URLhaus Database

You are currently viewing the URLhaus database entry for https://causelgt.com/fileFTP/js/ext/icon/Galaxy.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry



Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:2344918
URL: https://causelgt.com/fileFTP/js/ext/icon/Galaxy.exe
URL Status:Offline
Host: causelgt.com
Date added:2022-10-01 14:18:12 UTC
Last online:2022-10-02 07:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Not blocked
AdGuard :Not blocked
Cloudflare :Not blocked
dns0.eu :Not blocked
ProtonDNS :Not blocked
OpenBLD :Not blocked
DNS4EU :Not blocked
Reporter: andretavare5
Abuse complaint sent (?): Yes (2022-10-01 14:19:11 UTC to abuse{at}phoenixnap[dot]com)
Takedown time:17 hours, 13 minutes Good (down since 2022-10-02 07:32:45 UTC)
Tags:dropby PrivateLoader RedLineStealer link

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2022-10-01n/aexe ca943cad4feb48b7da378e205184231cd95928e5dff61300fba10d15b142d333Virustotal results 17.39%RedLineStealer
2022-10-01n/aexe f38fa95a5c036c2193db7d9b9c28f6bb6b5173c89e61cb396f1fbe03c457988bn/aRedLineStealer
2022-10-01n/aexe d57321805b57d9a004d652b7d8b00d9045d6940800653374e2a47c7dad2e9196n/aRedLineStealer
2022-10-01n/aexe d5d8501413231217f31c6b614fbc4e5cba5ba8cabb6da772e5ed82e484238088n/aRedLineStealer