URLhaus Database

You are currently viewing the URLhaus database entry for http://194.49.94.67/files/123.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2728668
URL:	http://194.49.94.67/files/123.exe
URL Status:	Offline
Host:	194.49.94.67
Date added:	2023-11-06 21:26:09 UTC
Last online:	2023-11-12 20:XX:XX UTC
Threat:	Malware download
Reporter:	zbetcheckin
Abuse complaint sent (?):	Yes (2023-11-06 21:27:06 UTC to madhost{at}tutanota[dot]com)
Takedown time:	5 days, 22 hours, 45 minutes (down since 2023-11-12 20:12:30 UTC)
Tags:	32 exe glupteba Smoke Loader Vidar

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2023-11-12	n/a	exe	c51aaa79c1b366d6a034a655731b2dae93fb26c82250fd6122376348c9c1b956	n/a
2023-11-11	n/a	exe	7a32a5a6c5026b28050ee059ea20505cb3d6d214be8b24a7458141044a173b08	n/a	Glupteba
2023-11-11	n/a	exe	15a22e03cc3aae1f04206d530289fbac71eaaf03a74e018f23dc48bcbd41554b	n/a
2023-11-10	n/a	exe	a6d9fe603fd005b5fa8e29eeb04e8b312a8083f58f38ec4367faf1bf6a6ce2dd	n/a	Smoke Loader
2023-11-06	n/a	exe	916eee1fff3ef0a6927be3c4f6f8cd5b6a7f59d024ae681606bf4659b98e809f	27.78%	Vidar