URLhaus Database

You are currently viewing the URLhaus database entry for http://15.204.38.240/files/InstallSetup2.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2781349
URL:	http://15.204.38.240/files/InstallSetup2.exe
URL Status:	Offline
Host:	15.204.38.240
Date added:	2024-03-12 11:03:07 UTC
Last online:	2024-03-18 13:XX:XX UTC
Threat:	Malware download
Reporter:	zbetcheckin
Abuse complaint sent (?):	Yes (2024-03-12 11:04:06 UTC to abuse{at}ovh[dot]net)
Takedown time:	6 days, 2 hours, 46 minutes (down since 2024-03-18 13:50:36 UTC)
Tags:	64 Amadey exe Stealc

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2024-03-18	n/a	exe	c54dec8c6c088c7b13267214dbc9ecb2f1e7aa3883e5bc4abe80accc83d32131	n/a	Stealc
2024-03-15	n/a	exe	5601c6c97ab6e5bf0e6b5550c4bf067366e9d1b9f202e345b7fdfdd17f3a0486	n/a	Stealc
2024-03-14	n/a	exe	540a78159878e8c97bb15530b7a1959b3f5b407f2adbf3ffded92daf51fc24bf	n/a	Amadey
2024-03-13	n/a	exe	e0e4c0197377c86f94470fb39e1641f4ffa39c85a7729eb1b5dc17a2edbf2655	n/a	Stealc
2024-03-12	n/a	exe	ab7237aba6c89c09aeaf5111575614041aafc280f2461f3e669195ce6943e4e1	25.00%	Stealc