URLhaus Database

You are currently viewing the URLhaus database entry for http://79.137.192.18/wowo2.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2706551
URL:	http://79.137.192.18/wowo2.exe
URL Status:	Offline
Host:	79.137.192.18
Date added:	2023-08-24 00:14:07 UTC
Last online:	2023-09-02 22:XX:XX UTC
Threat:	Malware download
Reporter:	zbetcheckin
Abuse complaint sent (?):	Yes (2023-08-24 00:15:07 UTC to abuse{at}lethost[dot]co)
Takedown time:	9 days, 22 hours, 43 minutes (down since 2023-09-02 22:58:36 UTC)
Tags:	32 Amadey exe fabookie

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2023-08-30	n/a	exe	6936a56efd4d51f236841a94f58686ad099773e0adbef02561cda498347181f4	63.64%	Spambot.Kelihos
2023-08-27	n/a	exe	41208caccffa396b398d634e94671e3adb43a8602a4a7fccb6fd66460e6a800b	66.20%	Amadey
2023-08-25	n/a	exe	48f42120cc5b3683db52663963704e8f0a7d935a2a24e3911e83079fb4f25ff3	n/a	Fabookie
2023-08-24	n/a	exe	e9dc3c310187d5aa3a5451c4c6799792b5e6c501da776f0adeaf16302aa84e6e	n/a	Amadey
2023-08-24	n/a	exe	274f3f634099fc303b594c76743a296a478881fe29d2a0aa66afb18909d9f83f	61.76%	Amadey