URLhaus Database

You are currently viewing the URLhaus database entry for http://89.197.154.116/Utility.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3088362
URL:	http://89.197.154.116/Utility.exe
URL Status:	Offline
Host:	89.197.154.116
Date added:	2024-08-04 13:01:06 UTC
Last online:	2025-06-16 11:XX:XX UTC
Threat:	Malware download
Reporter:	zbetcheckin
Abuse complaint sent (?):	Yes (2024-08-04 13:02:09 UTC to service{at}transworldcom[dot]com)
Takedown time:	10 months, 15 days, 22 hours, 24 minutes (down since 2025-06-16 11:26:49 UTC)
Tags:	64 Cobalt strike CobaltStrike exe

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2025-04-28	Utility.exe	exe	eba5e9b6c620f7e9bdc1edaa695203f0a3d551b6049c0ad8a52775ba9b07e196	n/a		CobaltStrike
2024-09-26	n/a	exe	4c039fdb8230ed22010cd3fd84e7c53308bf659c0f26791061c01f0de395553b	n/a		CobaltStrike
2024-09-20	n/a	exe	0d342522ce682b1c2bd832519b3fc0dc04c0f50862327f33ed8f38d7cb6a7b62	59.72%		CobaltStrike
2024-09-16	n/a	exe	9881f416f578c0e68d1bd1465811a46be30fb45a8191ba82d6d9e0a1d5dc839c	n/a		CobaltStrike
2024-09-05	n/a	exe	b070f0417d037130f23cb7ffdf8dd86e7f354d56af525bf2de15bf1991670c82	n/a		CobaltStrike
2024-08-30	n/a	exe	ad008d1f7c53974d3d58368f740692399151bbde3012afc51c0068a088ded712	74.32%		CobaltStrike
2024-08-04	n/a	exe	a9b37a8c3a1a2476a2e44d0dcba2b117bd300983b337af45de92d31881170962	78.38%		Cobalt Strike