URLhaus Database

You are currently viewing the URLhaus database entry for http://193.233.132.167/cost/ohara.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2787747
URL:	http://193.233.132.167/cost/ohara.exe
URL Status:	Offline
Host:	193.233.132.167
Date added:	2024-03-20 14:35:13 UTC
Last online:	2024-03-22 13:XX:XX UTC
Threat:	Malware download
Reporter:	vxvault
Abuse complaint sent (?):	Yes (2024-03-20 14:36:06 UTC to abuse{at}sunhost[dot]ltd)
Takedown time:	1 day, 22 hours, 45 minutes (down since 2024-03-22 13:21:40 UTC)
Tags:	exe RiseProStealer

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2024-03-22	n/a	exe	cb870bfb69fa41863afebb912d6535a3a18cbe8d47868fb2e15e57822f7e11d1	34.72%	RiseProStealer
2024-03-21	n/a	exe	68564a7b596240ba2f0e91e8bd83340f6ce4abf9eaf2b396bb37b0d7636fc7d3	n/a	RiseProStealer
2024-03-21	n/a	exe	811cc5a58a09827470238b27351013edfbf1d2b96236349dc833c697b70de03e	n/a	RiseProStealer
2024-03-21	n/a	exe	65f59360b67408ea6c7abf7b791c8802c3fd6eb702fc65815570da6363f62d71	33.33%	RiseProStealer
2024-03-20	n/a	exe	6e9b3e026228da2ad904e04d0b1af64f831f2bb91f37aab770159e343d31acb0	42.25%	RiseProStealer
2024-03-20	n/a	exe	72bdfcbf6f43df60ce7f69fd246ce880f6e825f563226c7228ce172395ab1ef2	47.22%	RiseProStealer