URLhaus Database

You are currently viewing the URLhaus database entry for http://91.215.85.223/ghjk.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2757872
URL:	http://91.215.85.223/ghjk.exe
URL Status:	Offline
Host:	91.215.85.223
Date added:	2024-02-07 06:47:09 UTC
Last online:	2024-07-15 12:XX:XX UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2024-02-07 06:48:06 UTC to abuse{at}pro-spero[dot]ru)
Takedown time:	5 months, 9 days, 6 hours, 9 minutes (down since 2024-07-15 12:57:13 UTC)
Tags:	CoinMiner exe opendir Rhadamanthys zgRAT

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2024-07-08	n/a	exe	33682e861b76b0ae22b7361f5b59bb7e69b95e69480156714f01e7044408b546	18.84%	Rhadamanthys
2024-06-27	n/a	exe	4a69a64d652063b65cfe7f7ad5e54491b06547c783d74147c79cb9145536cf26	15.28%
2024-06-26	n/a	exe	c04200d5cf07683046a213f28b227e5333d32de291dd448c4cb9bea5bafc76b8	13.89%
2024-06-26	n/a	exe	f567eb23dd95fe66f925bce074253f46263b0916de62d8850dd8c3ac35efc72e	13.70%
2024-06-26	n/a	exe	a2e4f1eead7d430cf08d33e04c48adb2af23b71ec4c633bc6b88d870c1d61a56	11.94%
2024-06-26	n/a	exe	8491781afed15ad4fa80b176c3516cd3b44e7880a559ab22899b216be74cec48	13.70%
2024-06-26	n/a	exe	47a817f85453e16e52d201810fd5a719a1fcb01c49dfd350a2fc36fef42ac442	12.68%
2024-06-26	n/a	exe	24f6c1b06912c2d8d46c6ac10737fd8efaaf7d18b227279f9dae584a5625c0c6	12.33%
2024-06-26	n/a	exe	f1a3575752ad9f9ed80f361cda52efb5b46a8cc15a23b2c047d1f146008128fe	n/a
2024-06-26	n/a	exe	8c13fdcfeb87abd390f487e9d51d7edcdd6073951a5f96e5c0b1f7d899874932	n/a
2024-06-23	n/a	exe	7ccfae8644c3bc7439b88f2dc0de06bb5082de09b0bf5e143de17487ff252224	32.43%	Rhadamanthys
2024-03-27	n/a	exe	432747c04ab478a654328867d7ca806b52fedf1572c74712fa8b7c0edb71df67	29.17%	CoinMiner
2024-03-20	n/a	exe	92c75a66c55055cc491cb67c5f78ce0a8801378aacf0563711668507060cbf0b	n/a
2024-03-19	n/a	exe	2639d965fca58172ca33858988ae9ea155730cd0a85c1149e8a644c8bcfcd53b	54.79%
2024-03-18	n/a	exe	77db327f57198279e8e92a183a8ac25a77945bbf06d68a570e454e0ab406b88d	58.90%
2024-03-18	n/a	exe	bf5e4b484ba311bbc831c2a38b18d9c2cf933cfc27a47cb58aadfa575e7d0849	n/a
2024-03-17	n/a	exe	be73738191878fdc49c8994b60069df39e835b6bae6a4a8ded041c87b8514e1d	43.06%
2024-03-17	n/a	exe	97d8cba73635f578075a0db85c054fc5a87e6f812c31d8b783908b4e19b04796	n/a
2024-03-17	n/a	exe	2071a7b7465e013013cffebb4e8a8d9aef8a244a021d16f5ae6bf7028ea072a2	n/a
2024-03-15	n/a	exe	6f07f3f96d5804e87e9e4f83140033c414ce5da4d9ef7b06a19f35598cbb0f66	n/a
2024-03-15	n/a	exe	b905bedeb0189ea6b726d08ea44a3603942ec1c66a06de4cb0c1a25296eccc81	n/a
2024-03-14	n/a	exe	5d0cdcff078872223a375c81a63b68cdcf35733487cd33f3976ddaa1216e3160	n/a
2024-02-07	n/a	exe	217fbf967c95d1359314fcd53ae8d04489eb3c7bdc1f22110d5a8a476d1fc92e	77.78%	Rhadamanthys