URLhaus Database

You are currently viewing the URLhaus database entry for http://185.172.128.19/latestrocki.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2748988
URL:	http://185.172.128.19/latestrocki.exe
URL Status:	Offline
Host:	185.172.128.19
Date added:	2024-01-16 09:20:14 UTC
Last online:	2024-01-28 16:XX:XX UTC
Threat:	Malware download
Reporter:	zbetcheckin
Abuse complaint sent (?):	Yes (2024-01-16 09:21:09 UTC to abuse{at}tnsecurityl[dot]ltd)
Takedown time:	12 days, 7 hours, 29 minutes (down since 2024-01-28 16:50:53 UTC)
Tags:	32 exe RiseProStealer Stealc

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2024-01-27	n/a	exe	ccc1b08a35d280181bc0bc35b33a28424528b2fd26bf1cd108d12bbbb028f40c	n/a	Stealc
2024-01-23	n/a	exe	9587bda655a2dc730e4bdbd7de5ab39bc37de697fe22f449a6b2f851adaedfb8	n/a	Stealc
2024-01-21	n/a	exe	1cf4a4b0f9432f78cd76b30cf8e6070d2d49b70d42ec4e2192da86d09a0a02fa	n/a	RiseProStealer
2024-01-19	n/a	exe	6369f6e4a8398cccbbebef2ae7078834d3f92d499257a59b4f9142bd5b079057	n/a	Stealc
2024-01-16	n/a	exe	07c186039358d2ae58c48a251366b0aed237339667290772f42c479f41e6c498	n/a	Stealc
2024-01-16	n/a	exe	7307d795569537cef259606c48234c9db61ed7786eefe8151e89d369408308a1	63.77%	Stealc