URLhaus Database

You are currently viewing the URLhaus database entry for http://5.42.65.64/files/US.file, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry

ID: 2819456
URL: http://5.42.65.64/files/US.file
URL Status: Offline
Host: 5.42.65.64
Date added: 2024-04-20 10:53:06 UTC
Last online: 2024-06-27 16:XX:XX UTC
Threat: Malware download
Reporter: Xev
Abuse complaint sent: Yes (2024-04-20 10:54:07 UTC to abuse{at}lethost[dot]co)
Takedown time: 2 months, 8 days, 5 hours, 31 minutes, Bad (down since 2024-06-27 16:26:04 UTC)
Tags: connectwise, LummaStealer

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

| Firstseen | Filename | File Type | Payload (SHA256) | VT | Bazaar | Signature |
|---|---|---|---|---|---|---|
| 2024-05-09 | n/a | exe | b856131a48d5e74731e4886008c1a46ba42553c282a5cb1d0c5bf6288e6603d9 | n/a | | LummaStealer |
| 2024-05-08 | n/a | exe | a3a4d0f984693a13a21bd920bb133dc16b5dab2a761c93275d716fcbbc5b35b7 | Virustotal results 47.89% | | LummaStealer |
| 2024-05-08 | n/a | exe | 197aaacf854d87e4cf438f1cb0ffe00c04d2a7e7540b3dc4b47c574f367bf195 | n/a | | LummaStealer |
| 2024-05-05 | n/a | exe | aeb936b1b73818891c10ea5648871ecdc91cf4dd500cf38da1899896bf41e8fd | n/a | | ConnectWise |
| 2024-04-29 | n/a | exe | 1ff28ff88864b162993afd1405fce2ad4143c932f62d9663cb92513e0b88ed5a | n/a | | |
| 2024-04-24 | n/a | exe | ea762a5ca1369f3e8f4c6d2468084f72e029add079fbe2c9e091c1387e9b2284 | n/a | | LummaStealer |
| 2024-04-23 | n/a | exe | e9998f5cb91b6066c279c1c7d0ac84abb288981897dcc5328d11e882d3d53b57 | n/a | | |
| 2024-04-20 | n/a | exe | d55e86610dcad29c3d2857d9dae91aa51228b1fa001ea2d7bda88b9a2b5570a9 | Virustotal results 40.00% | | |