URLhaus Database

You are currently viewing the URLhaus database entry for http://andrewjohnson.top/calc.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2705935
URL:	http://andrewjohnson.top/calc.exe
URL Status:	Offline
Host:	andrewjohnson.top
Date added:	2023-08-21 15:36:06 UTC
Last online:	2023-08-24 10:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Blocked
dns0.eu :	Status unknown
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Blocked
Reporter:	andretavare5
Abuse complaint sent (?):	Yes (2023-08-24 09:20:08 UTC to support{at}ruvds[dot]com)
Takedown time:	4 days, 4 hours, 38 minutes (down since 2023-08-25 20:15:33 UTC)
Tags:	burix dropped-by-PrivateLoader MarsStealer Stealc

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2023-08-25	n/a	exe	05564e0d6fe1ae0a70943353d51dd0bc19a47ec896ee36533632d34b9f557a90	n/a	Stealc
2023-08-25	n/a	exe	13ce643b4ba34757d8d5fa9e071308fbb0120bd467588a4b3b7e6181275af6e7	n/a	Stealc
2023-08-25	n/a	exe	1b0da8603f31103a5d90152c983ddd534e128abed1901fe5debb660c0bb6ecce	n/a	Stealc
2023-08-25	n/a	exe	480afef1f95b2130b1dfceafb7f5639d962c9957e003863dc30f6f7ed40ee79d	n/a	MarsStealer
2023-08-25	n/a	exe	d8e82dd460b3e9538fcef64e56b5348fa777e5d73dc1d61d92fd49e7e7e7305b	n/a	Stealc
2023-08-24	n/a	exe	7f175ae66302a4dcf074319d0d89220570a8963d43395d3cf61b3faaab3fe0b1	n/a	Stealc
2023-08-24	n/a	exe	c4cc355c8e3bc52a53f43f85c606d824b607fd91ffff384393bc7f99823bb219	39.39%	Stealc
2023-08-24	n/a	exe	9e9898215c57e4dd2d5e9e34e6bd3eef1f1594ccb17ef2f1e4c6f90481044a18	43.75%	MarsStealer
2023-08-24	n/a	exe	715821d03d18bb8dab9435aa68a6507532630ed3252dcbf76316a2e8ea228be8	43.08%	MarsStealer
2023-08-24	n/a	exe	cc8b9741a463bf30fac6365f6fa6aaf48a63e5a0931bc0eba57cf24f40e7b1bc	n/a	MarsStealer
2023-08-24	n/a	exe	bff8580b564b68ff541a2f597715b69a2bd9373529eb6278c2e6fcf321fb50bc	42.42%	Stealc
2023-08-24	n/a	exe	6c0089de11a289ffeb0a44db2d5dae12a3684a2f337fd7b49af6e08bb615b76c	n/a	Stealc
2023-08-24	n/a	exe	c12b55961d4542e07063d063d7f9cc6f5cc6c6b0c388b6565f1bb56fc19662f4	n/a	MarsStealer
2023-08-23	n/a	exe	651802363bfec1ee27819b8a7c2b48c68254ba6f75fb48c2b168c779615651f7	44.62%	MarsStealer
2023-08-23	n/a	exe	02b046423b0773b5b5a118ef16da6c55aac47ee3c6d2e861b9a8aaaedc248402	43.94%	Stealc
2023-08-23	n/a	exe	cbc45ecc527566af8060f7dbaea341962df2350423dbc3c674c27dcf5b7d3892	n/a	Stealc
2023-08-23	n/a	exe	2df44897eabeabd3cdcbe54374aa6e29c998e9667090a33a3955c7a803c202a9	n/a	MarsStealer
2023-08-23	n/a	exe	0ae1d3ff00b7076d442781a34a881890ff117897c6d889247131eb18f0581f72	42.19%	Stealc
2023-08-23	n/a	exe	01e358f96191d56edb8b11009728fa9ef69ea6628bb86a1c49dfb3122d1a9372	n/a	MarsStealer
2023-08-23	n/a	exe	508636b6c60753fad23295328180bf3b2c003437fdabc24a84f6d283fd3d96fa	43.66%	Stealc
2023-08-23	n/a	exe	d25fce3502958abc307965d62545c45b578a23d7d7878ffcaa0f65ea83068cb3	n/a	Stealc
2023-08-22	n/a	exe	c0d4f11f46c6d39aec1956a0703d1af2f0cfef9becffc8c73be712558dbbdf21	41.79%	Stealc
2023-08-22	n/a	exe	e66d15b8ea22a42469fc8f51aee5cb9a5a72360a5a14044fd779182541e419ab	41.27%	Stealc
2023-08-22	n/a	exe	efe76e209a9575bc73aa11a6c35be706087fdc696645821c5959a4f445540e3d	39.44%	Stealc
2023-08-22	n/a	exe	3a0540a3db9219f4f54fe07ce1777f8c1087b5ed126e5a404935a925e367593c	42.42%	MarsStealer
2023-08-22	n/a	exe	8320b1984cd007f2e819d2572382e0d231feae3b91ec2d30163665aa1295cdc5	40.00%	Stealc
2023-08-22	n/a	exe	7b573396a695127f4df05f183d2efc0e107115a24ccc0458b900e02eaeca2082	n/a	MarsStealer
2023-08-22	n/a	exe	ee29cc3108d7e380d887d223808f4254eb098bbaffc4639b5988261c8146eb80	n/a	MarsStealer
2023-08-22	n/a	exe	8c3379cd31478527d1d0405a836a59220a3cdd3135661b40d30e1ed509c34993	n/a	Stealc
2023-08-22	n/a	exe	0044ef132e6113d649ef27f1864c350ba16cb7ad5b4257fdb24a8cf9ec670310	n/a	MarsStealer
2023-08-21	n/a	exe	151d0f671b56cdeb1f7a2d3cd28160b2e766517fd056e5da4e32110f800a46b9	34.78%	MarsStealer
2023-08-21	n/a	exe	2a8c4927c673ae53fa0b99c0f2e8dce3b09ea7f6ea9855c4140f198b9789f916	39.39%	Stealc
2023-08-21	n/a	exe	34eba2859581b7326e6494e229e992053d0999e074921f95fe55c904efa485ec	n/a	MarsStealer
2023-08-21	n/a	exe	c0766ce30c875a6a40e50ca428861ce55a6c3133bc8e4f96feabe7de07bb4942	n/a	MarsStealer
2023-08-21	n/a	exe	ec0583aa7c0fc4ef8363a51b2c56a3ff5b602fa494325525d2a7c27b0775bea8	n/a	MarsStealer
2023-08-21	n/a	exe	6321cb7ca4e2ed3b0a5d3472556bfbe959343e0f7a971896189a8a1e7a467370	n/a	Stealc