URLhaus Database

You are currently viewing the URLhaus database entry for http://84.54.50.31/D/Nano.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2649397
URL:	http://84.54.50.31/D/Nano.exe
URL Status:	Offline
Host:	84.54.50.31
Date added:	2023-06-01 19:41:13 UTC
Last online:	2023-08-26 04:XX:XX UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2023-06-01 19:42:06 UTC to abuse{at}delis[dot]one,abuse{at}des[dot]capital)
Takedown time:	2 months, 25 days, 8 hours, 32 minutes (down since 2023-08-26 04:14:28 UTC)
Tags:	NanoCore opendir zgRAT

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2023-06-08	n/a	exe	1fdf23401a81a5b558b87e91316f8104167fa88d6a849a17d1dc4f372582ef6a	47.89%	NanoCore
2023-06-07	n/a	exe	5ddf1289ab0bc93ce442ae80a0ba8b4c25d4dfc78fff12da0f41a691c351aa32	39.44%	NanoCore
2023-06-05	n/a	exe	1d28cee9d618d8f15b3875ea1ac44a8bf4d9c59171da3227ba3b973e0c9fdb1a	34.78%	NanoCore
2023-06-02	n/a	exe	685522dda736e8c071fcc9dc4b7bb3d58c45f36828eb0b8ca8557e5ec56499ad	n/a	zgRAT
2023-06-01	n/a	exe	74cef918a24f7e55e6dd275460232d04b26078085940ddce80fd91056cae89ec	35.21%