URLhaus Database

You are currently viewing the URLhaus database entry for http://5.42.96.78/files/Isetup2.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	2845735
URL:	http://5.42.96.78/files/Isetup2.exe
URL Status:	Offline
Host:	5.42.96.78
Date added:	2024-05-10 16:35:18 UTC
Last online:	2024-05-21 08:XX:XX UTC
Threat:	Malware download
Reporter:	Bitsight
Abuse complaint sent (?):	Yes (2024-05-10 16:36:08 UTC to abuse{at}sunhost[dot]ltd)
Takedown time:	10 days, 16 hours, 7 minutes (down since 2024-05-21 08:43:50 UTC)
Tags:	CoinMiner dropped-by-PrivateLoader Stealc

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2024-05-17	n/a	exe	4ea1ba89caf3d2c01cb65b9b56c0ec569a975df788572aa6a95537b546f3a2fc	13.70%	CoinMiner
2024-05-16	n/a	exe	eb28b0824e287f2ce81c39f94f98399df3aad26f9209511d56ecf01ae1eb707d	10.96%
2024-05-15	n/a	exe	4de85b9190ad870f96dacbfbf38bf0f2c9816e0f03e326d5c4fe6cdb4588b878	9.59%
2024-05-14	n/a	exe	2b2ac834ce580b63ad8eae3e117dca50ea605e64dd2d9a8c1cfd8fd2ba204bd9	n/a
2024-05-11	n/a	exe	6ce58ea4e366d9575278e042f1d4ccbc4cc01ba789a5aae0d1952e783571b8e4	2.78%
2024-05-10	n/a	exe	a0e3a64e0e6aee3370ccbbca59f8ae0b34be674963c1dabe14926b24fdcae7d0	n/a	Stealc