URLhaus Database

You are currently viewing the URLhaus database entry for http://31.41.244.253/fusa/bibar.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2453350
URL:	http://31.41.244.253/fusa/bibar.exe
URL Status:	Offline
Host:	31.41.244.253
Date added:	2022-12-10 08:31:04 UTC
Last online:	2022-12-12 09:XX:XX UTC
Threat:	Malware download
Reporter:	andretavare5
Abuse complaint sent (?):	Yes (2022-12-10 08:32:05 UTC to dl{at}redbytes[dot]ru)
Takedown time:	2 days, 1 hours, 21 minutes (down since 2022-12-12 09:53:32 UTC)
Tags:	Amadey drop-by-malware PrivateLoader RedLineStealer

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2022-12-11	n/a	exe	b5abfd22cee51a742c163d5ec42b22db2e2f0d5a7b472c12f45ed441a1f340f5	67.61%	RedLineStealer
2022-12-11	n/a	exe	91a2a3b8f8fce5813243637d239bb3e74fda099a0b06f8f905a2da3ac9917dd5	35.21%	Amadey
2022-12-11	n/a	exe	f44713ae8da2ab6585c6d8dd8f1529f2d9c314830a179ae69d5791ef859f34e1	43.06%	RedLineStealer
2022-12-10	n/a	exe	34a3e6647380474baf4bc09df04a47ae7225c9d5276788355c031b497be3b965	n/a	Amadey
2022-12-10	n/a	exe	3152717319bf85bf2957671be7e13125092e2b9a41471cf50ed5bfabe6e74b3b	n/a	Amadey
2022-12-10	n/a	exe	b0fa226cb266d1913525032c8c8f9c4f2742250108b5a7d322b1b7946fb3e4f7	n/a	Amadey