URLhaus Database

You are currently viewing the URLhaus database entry for http://185.215.113.13/runo/sand.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3081252
URL:	http://185.215.113.13/runo/sand.exe
URL Status:	Offline
Host:	185.215.113.13
Date added:	2024-07-31 17:34:34 UTC
Last online:	2024-08-02 18:XX:XX UTC
Threat:	Malware download
Reporter:	abus3reports
Abuse complaint sent (?):	Yes (2024-07-31 22:09:07 UTC to automatic-abuse{at}eliteteam[dot]to)
Takedown time:	1 day, 20 hours, 0 minutes (down since 2024-08-02 18:09:14 UTC)
Tags:	Amadey exe

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2024-08-02	n/a	exe	549462b62c2ed08edda8c8575eeb6d7dd7a7f4c3c0aee10a8c213f5b21c33161	52.70%	Amadey
2024-08-02	n/a	exe	8f00598ade87b0757536bf69380b24bcc83b2e73a6465b90b13f91119d66c4ac	52.70%	Amadey
2024-08-02	n/a	exe	40f24b5fb1e0da7c8814390b412309092bc7fd165735a3ceb6fa39a42ce0b494	52.00%	Amadey
2024-08-01	n/a	exe	37d0cb6ddcccfb079df58f606ba8cf159b5819121c8b277485228634a52d6364	50.67%	Amadey
2024-07-31	n/a	exe	70bb45e2d7e0e543a9f751a137da547cd0adac6f3b647796d43b9b259cd6a1e2	50.67%	Amadey