URLhaus Database

You are currently viewing the URLhaus database entry for https://changeswithflowers.shop/current.exe, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry

ID: 2820318
URL: https://changeswithflowers.shop/current.exe
URL Status: Offline
Host: changeswithflowers.shop
Date added: 2024-04-21 06:40:09 UTC
Last online: 2024-04-21 11:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Not blocked
Reporter: Bitsight
Abuse complaint sent: Yes (2024-04-21 06:41:05 UTC to abuse{at}sunhost[dot]ltd)
Takedown time: 5 hours, 9 minutes, Good (down since 2024-04-21 11:50:35 UTC)
Tags: dropped-by-PrivateLoader, LummaStealer

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

| Firstseen | Filename | File Type | Payload (SHA256) | VT | Bazaar | Signature |
|---|---|---|---|---|---|---|
| 2024-04-21 | n/a | exe | f6724bdd5e908cd5c0dd8a3b4ff26125d2d4683ced75453a902612ba448f4ded | Virustotal results 40.85% | | |
| 2024-04-21 | n/a | exe | f1c35a47842119856e0067aa4b390cdce620b3d69262266a9923278fbac15ff8 | Virustotal results 40.00% | | LummaStealer |
| 2024-04-21 | n/a | exe | 58514c9f457ef7389dea754163672f1b822fe211dfaf24cab313049cb3bd0f60 | Virustotal results 43.08% | | LummaStealer |
| 2024-04-21 | n/a | exe | 07f56f9d4a21eb65c788a9a423af9205b01d2792563d6965ff8cb814be822524 | Virustotal results 46.48% | | LummaStealer |