URLhaus Database

You are currently viewing the URLhaus database entry for http://185.28.39.18:7777/185.28.39.18/chinazx.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2715438
URL:	http://185.28.39.18:7777/185.28.39.18/chinazx.exe
URL Status:	Offline
Host:	185.28.39.18
Date added:	2023-10-01 08:28:06 UTC
Last online:	2023-10-28 22:XX:XX UTC
Threat:	Malware download
Reporter:	zbetcheckin
Abuse complaint sent (?):	Yes (2023-10-01 08:29:04 UTC to abuse{at}des[dot]capital)
Takedown time:	27 days, 13 hours, 47 minutes (down since 2023-10-28 22:16:48 UTC)
Tags:	32 AgentTesla exe Loki

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2023-10-13	n/a	exe	b86144dfc47dfa888b32e7153b2f446a9d74fca1adb4559af13015b1e42754fd	23.61%	AgentTesla
2023-10-12	n/a	exe	2ad5fc4c0105f4bfa5ee3167bad89bec7878f81c429024a9f9a4a2df76c2bc76	25.71%	AgentTesla
2023-10-11	n/a	exe	6b3489b579fefbc2f4c54ed12057f250a809ce6d2861f567d561a9d868fa712c	n/a	AgentTesla
2023-10-11	n/a	exe	810b1fa7f6da8f8630e22580272d2b2aeea8902806ec2ac92c8833becd71de0c	n/a	AgentTesla
2023-10-11	n/a	exe	5656c153b65de82b8104162a070e36cde0a5ae7fb38569390fda0e9f2492a9d4	29.58%	AgentTesla
2023-10-01	n/a	exe	25c2e758d1a58b0ffa3398e9a248358bfa1c36bb745884e65a59282cd5049315	62.50%	Loki