URLhaus Database

You are currently viewing the URLhaus database entry for http://79.137.194.132/s.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	2609900
URL:	http://79.137.194.132/s.exe
URL Status:	Offline
Host:	79.137.194.132
Date added:	2023-04-15 15:36:10 UTC
Last online:	2023-04-16 17:XX:XX UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2023-04-15 15:37:04 UTC to abuse{at}aeza[dot]net)
Takedown time:	1 day, 1 hours, 43 minutes (down since 2023-04-16 17:20:59 UTC)
Tags:	exe Smoke Loader

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2023-04-16	n/a	exe	3f0e70b092aac710d8d87d0ca54369f1f5d5792dfd6b017ba7cef74aa1c7c0f4	44.29%		Smoke Loader
2023-04-16	n/a	exe	656c13cd530866713e8ce3ee1e6f24d399afa8711532879ba49fd0a5476b772b	42.86%		Smoke Loader
2023-04-16	n/a	exe	9bf1c0c828bed11c6c07422aa8e1e36a0f58c93ca24b8578daed9234cffc9100	n/a		Smoke Loader
2023-04-16	n/a	exe	db9f119bd916b65f7bf46cdd0be1854246d4f2128877f063e9716d18f49c8fdb	n/a		Smoke Loader
2023-04-16	n/a	exe	e1333b612da8a0435c3e071f057db334c9fec56bd93b51bf0dbfe323eb5045ac	n/a		Smoke Loader
2023-04-15	n/a	exe	da9d971021147b23ea87e2f240967e6bb9e5c37123f4fb12e2b03e6fdc59f84d	n/a		Smoke Loader
2023-04-15	n/a	exe	e166b9d1e628c647920935fc626fbac875041bdb34f37f81b0409568c18c61ad	42.86%		Smoke Loader
2023-04-15	n/a	exe	c745107f1a0f024ea33897a3d05c8389e275b8c2023ebea867319f8d9d969a16	n/a		Smoke Loader
2023-04-15	n/a	exe	48e94d9715428e0b0bbeb6480cd9fc8c943773d71ad1c8808e5c48d5f8ff5958	44.29%		Smoke Loader