URLhaus Database

You are currently viewing the URLhaus database entry for http://103.68.85.20/New/bin.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2749602
URL:	http://103.68.85.20/New/bin.exe
URL Status:	Offline
Host:	103.68.85.20
Date added:	2024-01-19 16:25:10 UTC
Last online:	2024-02-18 22:XX:XX UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2024-01-19 16:26:06 UTC to hm-changed{at}vnnic[dot]vn)
Takedown time:	1 month, 0 days, 6 hours, 28 minutes (down since 2024-02-18 22:54:43 UTC)
Tags:	exe Formbook Loki opendir

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2024-02-07	n/a	exe	fafeaf9df7ba82322e0a3d33b4edd7ee854fdfe4b3c3cb57253fd7072f1f4134	n/a
2024-01-25	n/a	exe	7eebd84665d5951bb739dd99326b6eb5677cee541b604e6831ba63534bcd94e8	n/a
2024-01-25	n/a	exe	f62de2f1a6d9798f4278ab073890c06f8a1027c216d3c02dbc4c84ff84c4ee72	n/a	Formbook
2024-01-23	n/a	exe	2ce5c35b6e4effb5c1165d6f60e8d7c73eade7476e94de7690168c65b3b41005	n/a	Loki
2024-01-22	n/a	exe	b9aaa26ccebfa445730bae5f60080ce6d019a91997cafa73ad5532c27a29f72a	n/a	Loki
2024-01-19	n/a	exe	41c452f4ba12f523916ad3390d3711d9d6c05a7c698a83a890095a8c722249a5	56.72%	Formbook