URLhaus Database

You are currently viewing the URLhaus database entry for http://45.81.39.123/snow.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2723306
URL:	http://45.81.39.123/snow.exe
URL Status:	Offline
Host:	45.81.39.123
Date added:	2023-10-23 13:20:07 UTC
Last online:	2023-10-31 02:XX:XX UTC
Threat:	Malware download
Reporter:	James_inthe_box
Abuse complaint sent (?):	Yes (2023-10-23 13:21:05 UTC to abuse{at}des[dot]capital)
Takedown time:	7 days, 13 hours, 13 minutes (down since 2023-10-31 02:34:31 UTC)
Tags:	AgentTesla

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2023-10-30	n/a	exe	70a6934d9f837431bf584c73ee501edcf644452dd42d69b827deec335668636c	n/a	AgentTesla
2023-10-30	n/a	exe	83001fcaf0b0224ef118d879eb488ed5512922ea07806b7f3e26db3ab1ff563d	n/a	AgentTesla
2023-10-30	n/a	exe	b66389f8c63b24ddf68e99b8d3bbdc05b4c019aa11312d3189c5a0461bf6776a	n/a
2023-10-24	n/a	exe	14318a0f264dc7d82429c2175fa4899f388305b792e291f8f94e437477d09bbd	29.17%	AgentTesla
2023-10-23	n/a	exe	b868d7a2a78e9436fc3675c1ddbcfa1eda4d73926a856acd36e54f9e5b09fba5	40.85%	AgentTesla