URLhaus Database

You are currently viewing the URLhaus database entry for http://5.42.64.17/files/Uni400uni.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2812590
URL:	http://5.42.64.17/files/Uni400uni.exe
URL Status:	Offline
Host:	5.42.64.17
Date added:	2024-04-15 05:51:05 UTC
Last online:	2024-04-26 06:XX:XX UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2024-04-15 05:52:05 UTC to abuse{at}lethost[dot]co)
Takedown time:	11 days, 0 hours, 50 minutes (down since 2024-04-26 06:42:41 UTC)
Tags:	exe glupteba opendir Stealc

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2024-04-21	n/a	exe	b79b3ab665881eadd15b67b9b105db7d99eb091905350a53c6bbc7b91a42cd48	25.35%	Stealc
2024-04-20	n/a	exe	6b7baa1db0d2ed5c12dfb8f289449384ff821110f9b490379c5fcd9190090f4e	28.57%	Stealc
2024-04-17	n/a	exe	b925abb193e7003f4a692064148ffe7840096022a44f4d5ae4c0abb59a287934	11.27%	Glupteba
2024-04-16	n/a	exe	09d272c4183194a8fe293f975affd4033d2a7319c4efae07403170edc16ff50f	12.86%
2024-04-15	n/a	exe	b1bf0f6717341cb605ebf48e85805282b77e5a3d610f211b90e4ec726b448331	34.29%	Glupteba