URLhaus Database

You are currently viewing the URLhaus database entry for https://login-sofi.4dq.com/tmp/pub1.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2711441
URL:	https://login-sofi.4dq.com/tmp/pub1.exe
URL Status:	Offline
Host:	login-sofi.4dq.com
Date added:	2023-09-13 09:52:06 UTC
Last online:	2023-09-14 08:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Reporter:	zbetcheckin
Abuse complaint sent (?):	Yes (2023-09-13 09:53:07 UTC to abuse{at}linode[dot]com)
Takedown time:	22 hours, 57 minutes (down since 2023-09-14 08:50:47 UTC)
Tags:	32 exe Smoke Loader Stealc

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2023-09-14	n/a	exe	2ae5932352f9e2d0f9a6c05f6977b7566c0a0913ae0717c787380ea35045969b	39.44%	Smoke Loader
2023-09-14	n/a	exe	ca7040360abf1a1092dc866a3aa49c158bad9bda0b43493e0442a89dcb3abc97	42.25%	Smoke Loader
2023-09-14	n/a	exe	57023d355566b1bff7490a5bc5c4380e013b2b4fb68152c8118be21718e53329	n/a	Smoke Loader
2023-09-14	n/a	exe	c55c92457d03edbc7ec6f2c1ed55ca5e79d66d5ee568beab370229cd278649b1	41.43%	Stealc
2023-09-14	n/a	exe	4ce44622007ef6e7a92aeabc27d79e2f1297c1162e9324686010157660b55fb3	44.29%	Stealc
2023-09-13	n/a	exe	8c8545f91021086b21437241273005f51f0d05c46a434e9dd4076d6b98aa5c76	38.57%	Smoke Loader
2023-09-13	n/a	exe	2a8bad21145b4d758332588fb79ef6bcb2aa95bd7de7a2d8c0777e6f7146b115	n/a	Smoke Loader
2023-09-13	n/a	exe	17779ddb4bc3962bda0b0461ddf3eaf665c54364b3abe98d209b6f40781a1ab9	43.66%	Smoke Loader
2023-09-13	n/a	exe	4201248030180127dc4299a4dbcc6cde35beaafbefd9a25ffb3093d3e35f5dc2	42.25%	Smoke Loader
2023-09-13	n/a	exe	77fcb3294002ee5ecfbd36825e19d038a4d7d213734758dae1fa731bfa2b1058	43.48%	Stealc
2023-09-13	n/a	exe	f5b5c89e8d4e216a731c5fa57e53ebd9012c41f2d65c0c48eb45ccac021b4311	n/a	Smoke Loader
2023-09-13	n/a	exe	947fb340a672bd684a18ab7aeb7fe28cd9f2eee3c0de99c205f3a4a39aad12c0	n/a	Smoke Loader
2023-09-13	n/a	exe	581407074ab82ef32bfaaa4bd7a6bc4da38ca7c4ad8f91166c2be4325ae000f9	n/a	Smoke Loader
2023-09-13	n/a	exe	f16b46e15c651028ea359e8e0fa8c1b460a09570df3a29287d816c688cf1bce5	45.07%	Stealc
2023-09-13	n/a	exe	a2260ac65c2814e6a0e7b839474a298333f2a4a7ac60af12861dcc9edf5a6019	39.44%	Stealc