URLhaus Database

You are currently viewing the URLhaus database entry for http://185.215.113.16/lava/ramos.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3099686
URL:	http://185.215.113.16/lava/ramos.exe
URL Status:	Offline
Host:	185.215.113.16
Date added:	2024-08-10 13:03:05 UTC
Last online:	2024-08-13 21:XX:XX UTC
Threat:	Malware download
Reporter:	Bitsight
Abuse complaint sent (?):	Yes (2024-08-10 13:04:10 UTC to automatic-abuse{at}eliteteam[dot]to)
Takedown time:	3 days, 8 hours, 3 minutes (down since 2024-08-13 21:07:30 UTC)
Tags:	Amadey dropped-by-PrivateLoader MarsStealer

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2024-08-13	n/a	exe	5e3693da9c31c8a30d94108f194151c34f84f5d929ea57496457a999454eac3a	n/a	MarsStealer
2024-08-13	n/a	exe	e1cd86475b4579281db0dab6b3210c43b646b1c4315b911e80984c1631d5a75b	n/a
2024-08-13	n/a	exe	651174347d8f810be48fd61e789920bea5bfe9c70e1293ce58dc9ad20a3b4302	n/a
2024-08-13	n/a	exe	a780c449f96bda054608295ffea947a172da275c297ba3b843d3deddf1e13379	25.33%
2024-08-13	n/a	exe	9ae91e0bb30f86d225265b6ab0c91d845e7db03635d108cdf05f88c6647d5066	28.00%	MarsStealer
2024-08-13	n/a	exe	6489ec1bbec01a66752c9a08ade27b3930ddeb9636806bef465c41c313f8541b	28.00%
2024-08-13	n/a	exe	f688f02fe7abd13ff0b399cf8b2dd01c0837a57de82fad4eb3eb7b077e5eba2f	22.67%
2024-08-13	n/a	exe	0e6d019812acf9d9d18a079aadaef1dd98570c58ccff863e547882f6b93fed3d	42.47%
2024-08-13	n/a	exe	91d9fba928495bca8f19441c28977849a301ed9a886beb051e11d0118bdb3312	42.67%
2024-08-13	n/a	exe	d13191bb6eddfb3eedb728069c3f656b752f5e895c3028d3a801e5c4773151e1	43.28%
2024-08-13	n/a	exe	15392e9534972dcc5f08f4142b27c244ed0390bcd2edd02c13142e297ef300d8	39.19%	MarsStealer
2024-08-13	n/a	exe	6bbb8066736121adf75dd02bafd0444ff2be56446658bee21799f07ec8e19db3	n/a
2024-08-13	n/a	exe	4e4c30b66734212fd66c51375321eabbbe98534a1529b5f3890a6b36f8be6959	38.67%
2024-08-13	n/a	exe	28a50dad1d2638662e589e8cf4fb047e6ede95003eb1f006d3e9b1805d0b6171	37.33%	MarsStealer
2024-08-13	n/a	exe	02b1ede9f8dcb150d797fb6e6bcc1420e91b565b80e14f0bf5a1c37324b511ba	36.49%
2024-08-13	n/a	exe	fd49efadc4c19544493788e57a9433cbb89b740ed4a20e5c7b969dcbcbb853c6	37.33%	MarsStealer
2024-08-12	n/a	exe	969955d9e572c881305f45cc2d29a4a75ef3f8ef50eb86ed9354967502614b7e	37.33%	MarsStealer
2024-08-12	n/a	exe	a5105e830cde1a2cd8b5464114e3684b7c71b4680122918e6e213d86cb62b59f	36.00%
2024-08-12	n/a	exe	ac5951159e92d5939a3427c00d0ccfb8e3a801a7e319c5e4efebdc1dfc04114c	37.50%	MarsStealer
2024-08-12	n/a	exe	2cd760b4f27be4801e5f317c4d1177f42cc39281d505b2f16aef8e3b67bc7fec	33.80%	MarsStealer
2024-08-12	n/a	exe	83890cbc687e678653b1a67c6affb59a37dca660ad16c6d4f39dff8669aa6b3f	37.33%	MarsStealer
2024-08-12	n/a	exe	be73a4c26b1d4692bbda9d9291388ceed5e00812d7d979212727bb166e529cea	33.78%
2024-08-12	n/a	exe	6f8bb2f210e76d0fb8bd0995c574f59eb9f212126b44eda9763462acede9f1c1	33.33%
2024-08-12	n/a	exe	233242461151e3db4468f69c3aa9d9075053b62879539777a63257ba08e816f5	32.35%
2024-08-12	n/a	exe	310fa50605c7ccc7fae67c61317e68a4726032897553cbc5d391f55b034a4923	31.51%
2024-08-12	n/a	exe	59175d350a414074392c960f01cb6155b6bba20b5d70a318a8ec3f75bb950b18	32.43%	MarsStealer
2024-08-12	n/a	exe	859761552674f1c9d6ed7efa48bf4a055ac85e926935273195a41e37e3d0d4b1	30.14%	MarsStealer
2024-08-12	n/a	exe	1853bd3f53c3bb9d5becd824fc6b556d81b50fe2928265185d273417e7c2716d	33.78%
2024-08-12	n/a	exe	1324093ce475c3b69f495429450ee1a20b9a5f0063d66e223ba59690420a1d2b	29.33%	MarsStealer
2024-08-12	n/a	exe	8db16e7067e8cfaa6be4db8ce9b0a65da1072deeb22a238ff0f218260243c395	29.33%	MarsStealer
2024-08-12	n/a	exe	2583aefb7ee820e443700a184aeef747f8bf2580d163ee0e0992811b6bd9305c	30.14%
2024-08-12	n/a	exe	c607af07435b71602537fbe78096da145867130ab1dd1e33f0c3a4bda2524217	27.40%
2024-08-12	n/a	exe	28d041b7563a72b7a72c052cac21543d4cfd487a0fc80023135a531e967d33b2	n/a	MarsStealer
2024-08-12	n/a	exe	531cbb2c4dbaaea781ad6798ce36c7ce254c8f88a892dc42ee0aaed205e1a73d	27.03%	MarsStealer
2024-08-12	n/a	exe	fbeddc0452349057edff5f807467cc61aca08eaaaa39218e8920821755dcdeb8	26.67%	MarsStealer
2024-08-12	n/a	exe	bdf3491c9a75b80277746b1d6c105da79a3b5fba637236b87dd4af15af33e3b2	24.64%	MarsStealer
2024-08-11	n/a	exe	ad2161a16cf84f3f620a8c3081f6ffb1ffcecb4ce94062fed203e7e32ce71644	25.33%
2024-08-11	n/a	exe	b975b46625647ecb01ced474aa8a4c7c8f2f85c52c3915e2f7df4f1f811559df	25.33%	MarsStealer
2024-08-11	n/a	exe	b4854696ca26191a8d6f459c73686e9d00a5987e399ad74e90cd3308313b10c1	25.33%
2024-08-11	n/a	exe	4f7960f37de2ce8bf6bccb20b2697781b38088fe7b412f28cafb694e4f8e56d1	50.00%	Amadey
2024-08-11	n/a	exe	72df5386e8068c7c3f57124dae8b28411c270b56bb050d80c7db300f8993cbde	n/a	Amadey
2024-08-11	n/a	exe	0fbe1dde7c946596741578b806ddef938bc3de8910da4592c348cf0d7ec76710	50.67%	Amadey
2024-08-11	n/a	exe	cb0ab6b91961d6fe70908c74e9d5c441f7abf6d1e436865a4f54aaf0140b0e22	50.00%	Amadey
2024-08-11	n/a	exe	820eb51fcd8ed30b2b30cb8b90a42f7e8d88dd0fb75b646c42ac82e05c8cbd97	47.83%	Amadey
2024-08-11	n/a	exe	ff1bcd0c50bbf3e506d84ebebdf46a49a0354bcb00e9d7fcc31dcb4f6feefb0e	50.77%	Amadey
2024-08-11	n/a	exe	03aedf4dc66d8abda28ce310a066e4ddad15928662a75eca6605c2afa28734f3	50.00%	Amadey
2024-08-11	n/a	exe	037a17ec8da447ef34db32ca4fc85fb11f9e96c86a84590469e1c0a541220b32	52.00%	Amadey
2024-08-11	n/a	exe	92fcfefa4fc457a4ec727f8683fa710b67dd57eece0ab00bf265891e024e9b97	52.00%
2024-08-11	n/a	exe	4e5a7df168270d5bfd2491582da2a10c921cf04b1b5daed922af9c8bce20f4ce	50.67%	Amadey
2024-08-11	n/a	exe	539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87	52.70%	Amadey
2024-08-11	n/a	exe	3e2530bc368b425a9dbc70d9d7b1ea1586af1a1e8a92ac72d375d72e32f1c553	52.00%	Amadey
2024-08-11	n/a	exe	c24503ee77a58254a4f07310900efb2411c44b6852b83de137d50023c7c0c414	51.35%	Amadey
2024-08-10	n/a	exe	3b1d6e7f53b18c7b220d7017d996716e071ec4616d15cd117d7fc2d6fac0bdc5	53.33%	Amadey
2024-08-10	n/a	exe	a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08	48.00%	Amadey
2024-08-10	n/a	exe	259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd	54.67%	Amadey
2024-08-10	n/a	exe	08ee504fa2b44c1152b8bc2e345b9394bc3393261f10651bcf98313f4a1b762e	51.35%	Amadey
2024-08-10	n/a	exe	12a3a4d3572954aacd37dd7b0a32e1380b9bf7570b65a63f644ace6f181b6ee9	53.33%	Amadey
2024-08-10	n/a	exe	e13ae7c90a4db4542a59eddfe1c9f782734f38c10afdc7af5d9af8643de71d64	n/a	Amadey