URLhaus Database

You are currently viewing the URLhaus database entry for http://47.98.177.117:8888/supershell/compile/download//1.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	2942725
URL:	http://47.98.177.117:8888/supershell/compile/download//1.exe
URL Status:	Online (spreading malware for 1 year, 9 month, 5 days, 21 hours, 47 minutes)
Host:	47.98.177.117
Date added:	2024-07-07 15:19:36 UTC
Threat:	Malware download
Reporter:	abus3reports
Abuse complaint sent (?):	Yes (2024-07-07 15:20:55 UTC to anti-spam{at}list[dot]alibaba-inc[dot]com,abuse{at}12321[dot]cn,abuse{at}alibaba-inc[dot]com)
Tags:	exe supershell-c2

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2025-11-18	1.exe	exe	1b9bec8ed7f452027c8b1a33bb1b89b0e10af8342d9c1b8e5a8c6415243e968d	n/a
2025-11-12	1.exe	exe	c24b9a039dab0ee63be8167af4edd7c41e4863ca0b4660984883e4a8ede40a3e	n/a
2025-10-14	1.exe	exe	ffc74d8b1344edfa5e9c69e90449471819c0a62fa6265493a963265f0890d9ce	n/a
2025-05-17	1.exe	exe	3acbe324901f11d887de930981ee197037498513be0994b85624310332346020	n/a
2025-05-08	1.exe	exe	9908b1db5fd17ae12dc3099c2e176d3eb6ef71654b1ab4793b626bc4179f7db0	n/a
2025-03-15	n/a	exe	108ef4e54bf3bffea55c2d3f698dfccf1bf197bae8647cf4dd738d2d52c125a8	n/a
2025-01-28	n/a	exe	f7420450b66784fd8c8600940f2abf86fc4b9bc5550ca7c3afdcd32f1fe82fd1	n/a
2024-09-13	n/a	exe	708fe1e2ae72db92e3a9b025ab15488788b6d252a1cfa2f00016422da63a7a0e	n/a
2024-07-07	n/a	exe	9cf676141b7d305df5a9237c01e15138246392b0941657b55b3427776b7899d3	26.03%