URLhaus Database

You are currently viewing the URLhaus database entry for http://5.42.65.115/files/TWO.file which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2756611
URL:	http://5.42.65.115/files/TWO.file
URL Status:	Offline
Host:	5.42.65.115
Date added:	2024-02-04 16:05:09 UTC
Last online:	2024-03-30 11:XX:XX UTC
Threat:	Malware download
Reporter:	abus3reports
Abuse complaint sent (?):	Yes (2024-02-04 16:06:08 UTC to abuse{at}lethost[dot]co)
Takedown time:	1 month, 24 days, 18 hours, 58 minutes (down since 2024-03-30 11:04:30 UTC)
Tags:	CoinMiner LummaStealer RedLineStealer stop

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2024-03-29	n/a	exe	d2f956cafb9449291ebb7f7e3db2fe6229840fa29bd57e8ec3bd7cb132e252e4	n/a	LummaStealer
2024-03-28	n/a	exe	c77d20dc2997d81e03fb739c4761ba9dc3b268cde0925e9acc7cc9d0e6d27092	n/a	LummaStealer
2024-03-28	n/a	exe	a2ae4b50476e45ac3ba4da758298e53ca2f6a33e404856bea4e38876d1648cdc	n/a	RedLineStealer
2024-03-27	n/a	exe	d249f95c3125a8e1f8d19be8ba6ba1306164e128b88e3eb53f4d96bae637b61d	0.00%
2024-03-26	n/a	exe	a368072adc99b10613052923bdee3acd6cebf06864e6380e1ce8070fa82f89fb	n/a	LummaStealer
2024-03-25	n/a	exe	7183efecb31edafacb32a91a44b940992000531ab460461b92ac98214eae1882	n/a
2024-03-25	n/a	exe	49e583923a8b8d8417bbf1a013205cc27d111147be2e15a8294acbfaa30bc4b6	n/a	LummaStealer
2024-03-25	n/a	exe	5e9ff2cb475055187510421ba5fca516801026459b72eac50aab065f94380703	n/a	RedLineStealer
2024-03-25	n/a	exe	dcdba0ba671664696e4a4269df34be32f30c6568f14c02027795d13c6203b2cd	n/a	LummaStealer
2024-03-24	n/a	exe	ce7ef5aa93aefb2bc84fc1b745a4bed72d76c5b9e5511cd19e140b10a26e4c92	n/a	LummaStealer
2024-03-22	n/a	exe	6854c0a3bcd23f46a455647c9c438397d821d6e2c864869bbb8e16aeba637b30	n/a	LummaStealer
2024-03-22	n/a	exe	d05f6e05c987a870301e016c073a23bfdfc15f719deeb2d3c8298849cabbd98a	n/a	LummaStealer
2024-03-21	n/a	exe	74317e19667fcc615094bb9b25aa7abc012e90d460db7b6e62c53ae6239fc7fa	n/a	LummaStealer
2024-03-21	n/a	exe	802a2ee9b7b82069de479fd35a2b2bd13ba06b341196f978cd413a67dd7dbe35	n/a	LummaStealer
2024-03-21	n/a	exe	75ef867af9cd2bdedfb976b561344b37b178a60b4833388c3b2e350eba223330	n/a	LummaStealer
2024-03-20	n/a	exe	44950658de5426cbae696ea97e0a134fa15ce5960834141dfd7fae2e0792ca69	n/a
2024-03-20	n/a	exe	c6b10a0712d201b250bc11b62254e2f65ec3c4a8a075972dad030e43f7ca3f12	n/a	LummaStealer
2024-03-20	n/a	exe	f385eb944394d1f6e1f873e9eb428ac60873d54bd5adfd4fdb6935f5654193aa	n/a	LummaStealer
2024-03-20	n/a	exe	02e6261e08e1709b91ee882dd0004412a102320d55086492fe0c2e11b4411d92	n/a
2024-03-20	n/a	exe	10582f5fc3f1825b46b6323a91fb142d3a3e6e2ec1f22b8f2de8549acf94831b	n/a	LummaStealer
2024-03-19	n/a	exe	5b3d5bd9cd1a87dfea00a6abc538c05e5df35e6bc91f35dbb2145efd3f0e0d6b	n/a
2024-03-19	n/a	exe	9cd39dfdf4ea3ccc4fc4712d58f211553b67d2d7ef6c9f116165ec3fc965d8dd	n/a	LummaStealer
2024-03-19	n/a	exe	02b7af9e506566fae3ba0b57f93e4c39bb4f1693cbc1e7a9002d028f33a115b3	n/a
2024-03-18	n/a	exe	fbc01d0f8dbefe2f09421865b84aa19193880c35c722a559022046344a4f647d	n/a
2024-03-14	n/a	exe	d08645919b3eb0caf35b02c3fbb1d35ad8172693c43c5352a0db1ed7dcaafb35	61.11%
2024-03-13	n/a	exe	73b5cf208e431ed810ccbb1801ccb2384a5411657c855be7bde51e7d7b23c108	n/a
2024-03-09	n/a	exe	1346853f0f86fe3d189bf5d4cb1545bbebccfd3781d5a64efb5ee7d812448175	n/a	Ransomware.Stop
2024-03-08	n/a	exe	9f24cff00ff55730e61d9fd9a182f92f272735ba6ce55bc93bdc7ea24424dc42	n/a	Ransomware.Stop
2024-03-07	n/a	exe	cc89ef12884cca7c4964f26396b29f9943671e4aac065806e8b8f7cc2fbb5780	n/a	RedLineStealer
2024-03-01	n/a	exe	4500b0a4b0600684f41475053d7d3282e6a77ea71faaad9991eef2e7e49363a9	n/a
2024-02-28	n/a	exe	cb31f03c14d56a5d6d6dbcb313186ee9ea0b5eef4daf2db961f0468737e4bc9f	n/a
2024-02-27	n/a	exe	691d3df4e41f9c900a2050485cb12461eefa07e40f384e111198efa0d90975ad	n/a	CoinMiner
2024-02-27	n/a	exe	76c290bd84d0edfc6637075ba88cabf19f63c315f64e2b54f670d2e2984d3190	n/a
2024-02-25	n/a	exe	08d291e24d8ef5b1f31e967477bcb919f7147b24d2e48eafee07406d1a6f8694	47.37%
2024-02-17	n/a	exe	8f1b88de3e26420aa653602243b5d82df9db524fb6148d6f993c31684f1d0c5e	n/a	RedLineStealer
2024-02-12	n/a	exe	d3cd4b536efc2e4fff22e55da1f9bb3e09d49a906ac0a21e1a880b7455fbc0cd	n/a
2024-02-12	n/a	exe	d7d0420df99fcbd725c928526195e5d52d55132887d15b006d49f4562b28a3ee	n/a
2024-02-10	n/a	exe	847b6ec494ee3bdad75952a33ec3ecd01f3dea99f902d863bb5f93e37d7151fc	n/a	RedLineStealer
2024-02-08	n/a	exe	4835fecbbc2b930aae3834d4610bfde5a8375e7212ec8e68e4ae0b96de4656ce	n/a
2024-02-04	n/a	exe	d55e86610dcad29c3d2857d9dae91aa51228b1fa001ea2d7bda88b9a2b5570a9	43.66%