URLhaus Database

You are currently viewing the URLhaus database entry for http://cointra.ac.ug/ghjk.exe, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 2506772
URL: http://cointra.ac.ug/ghjk.exe
URL Status: Offline
Host: cointra.ac.ug
Date added: 2023-01-13 16:52:10 UTC
Last online: 2023-05-29 07:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Not blocked
Cloudflare: Blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Not blocked
Reporter: abuse_ch
Abuse complaint sent: Yes (2023-05-27 12:03:05 UTC to support{at}zerohost[dot]io)
Takedown time: 6 months, 28 days, 9 hours, 10 minutes; Bad (down since 2023-08-10 02:03:26 UTC)
Tags: AZORult, CoinMiner, exe, ModiLoader, RecordBreaker, Rhadamanthys, zgRAT

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
