URLhaus Database

You are currently viewing the URLhaus database entry for http://185.215.113.19/lava/ramos.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3099831
URL:	http://185.215.113.19/lava/ramos.exe
URL Status:	Offline
Host:	185.215.113.19
Date added:	2024-08-10 14:20:10 UTC
Last online:	2024-08-13 22:XX:XX UTC
Threat:	Malware download
Reporter:	abus3reports
Abuse complaint sent (?):	Yes (2024-08-10 14:21:08 UTC to automatic-abuse{at}eliteteam[dot]to)
Takedown time:	3 days, 7 hours, 46 minutes (down since 2024-08-13 22:07:29 UTC)
Tags:	Amadey exe MarsStealer Stealc

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2024-08-13	n/a	exe	451485236a5216e3a0a6b13a4920b1bdec6492155aa174e935ea47fb39c70cf0	n/a	MarsStealer
2024-08-13	n/a	exe	5e3693da9c31c8a30d94108f194151c34f84f5d929ea57496457a999454eac3a	n/a	MarsStealer
2024-08-13	n/a	exe	e1cd86475b4579281db0dab6b3210c43b646b1c4315b911e80984c1631d5a75b	n/a
2024-08-13	n/a	exe	a780c449f96bda054608295ffea947a172da275c297ba3b843d3deddf1e13379	24.32%
2024-08-13	n/a	exe	acc4b959ba4a0c4aff61ce1b21a86f80ff19b4b409880ddef71f1442bb48b1fc	n/a	MarsStealer
2024-08-13	n/a	exe	0e6d019812acf9d9d18a079aadaef1dd98570c58ccff863e547882f6b93fed3d	42.67%
2024-08-13	n/a	exe	f0c6aefdd4087c7ac8d596062cba942d24261c332d3025c52240a497fba25390	41.89%	MarsStealer
2024-08-13	n/a	exe	600846117a4b32774334b1d3a4b3e63074c98d8e28c91a500d4f0c616079af98	42.67%
2024-08-13	n/a	exe	f168d829bfa81cd14cd581932a238f909e8074967bf4ed9dda4d1e0dc10c0447	n/a	MarsStealer
2024-08-13	n/a	exe	0d5f4785f4ebed263bd6856de74b4f91390f9c7cff98695e4e4c36a9ed6dd740	40.00%	MarsStealer
2024-08-13	n/a	exe	6bbb8066736121adf75dd02bafd0444ff2be56446658bee21799f07ec8e19db3	38.67%
2024-08-13	n/a	exe	4e4c30b66734212fd66c51375321eabbbe98534a1529b5f3890a6b36f8be6959	38.67%
2024-08-13	n/a	exe	b7fc4aa9feba9ee8c2307ec6d55b9010b9e8d2a50b2949dcd02cb6f6c3f7eece	37.33%	MarsStealer
2024-08-13	n/a	exe	716adca783f9f5a436824c97b95a275c89f99362874ff4b31d7d56e650875b05	36.49%	MarsStealer
2024-08-13	n/a	exe	f51efa35e30b84088134463e05f8daf7d2c72e71e9eceade9c2c7f4ed2ab14db	37.33%	MarsStealer
2024-08-13	n/a	exe	391183be68c6952e6f1c4ab989bffd2e135ff93ece60093bcb0acb2f7934122d	n/a	MarsStealer
2024-08-12	n/a	exe	f7d459713dcaccd6cea4d4689d877ab373cc6c918ab927dbc7bef884d61b1b88	36.00%	MarsStealer
2024-08-12	n/a	exe	473a4e08862bdc71190b5bab942c06e6ff6b39aaa4f9b0bb094448230b7fa661	36.00%	MarsStealer
2024-08-12	n/a	exe	9c1d3225bd4fbf97f92a510332639925b9d4613abcdf2171c3e95bb00956cd43	34.67%	MarsStealer
2024-08-12	n/a	exe	ef9551304231e11b4287abc18a0f446ae6b53276e666ed2a532d69ea8af360fc	34.67%	MarsStealer
2024-08-12	n/a	exe	6d72842cdfa5367b8d12e6fcfde1f1df3e99feb3edcfd152591ec164da40dbe7	34.67%
2024-08-12	n/a	exe	a823ed8e9c412d6d62fa3ad5742054f38b81175dca7604439a8ed06abd55a8aa	33.33%	MarsStealer
2024-08-12	n/a	exe	233242461151e3db4468f69c3aa9d9075053b62879539777a63257ba08e816f5	32.35%
2024-08-12	n/a	exe	310fa50605c7ccc7fae67c61317e68a4726032897553cbc5d391f55b034a4923	33.33%
2024-08-12	n/a	exe	0f862bc614b4dfb20acadf5ceca90f2a552254e44f8c5447e3cd569027d82fea	33.33%	MarsStealer
2024-08-12	n/a	exe	75f9aefb7b5864781c797183e1d262371e908005ba5068b37a2599cfbf826a3f	30.67%	MarsStealer
2024-08-12	n/a	exe	a79e0fb18a1e833fcdd3d4165b8081b2bff4194fb286cf22807327cd9287a979	33.33%	MarsStealer
2024-08-12	n/a	exe	1059153613335fe7846a345864fdc35db9e32f1c2005701686d1d92a04356013	29.73%
2024-08-12	n/a	exe	8db16e7067e8cfaa6be4db8ce9b0a65da1072deeb22a238ff0f218260243c395	29.33%	MarsStealer
2024-08-12	n/a	exe	c607af07435b71602537fbe78096da145867130ab1dd1e33f0c3a4bda2524217	27.78%
2024-08-12	n/a	exe	b32fc9ca2e28addae1dcc7c06b625a2d159e1a5f07566c3a5aa5b771e045a165	27.03%	MarsStealer
2024-08-12	n/a	exe	a3881555a7f5df937c27be929831d5d8fdbde2873c40982f86c9499fe2424553	28.00%	MarsStealer
2024-08-12	n/a	exe	1b95324eca854fc3023eb9223ee8fdbf380eed5c705c5a1d5ef2f9515b79b619	26.39%
2024-08-12	n/a	exe	a495a730cbb5eaa4bca30fe6dad501e7c8d2aeb1754b5686a8f94619c5e5c313	26.67%	Stealc
2024-08-12	n/a	exe	bdf3491c9a75b80277746b1d6c105da79a3b5fba637236b87dd4af15af33e3b2	24.64%	MarsStealer
2024-08-11	n/a	exe	f5900d2b8f327449e394957490587245da74de272dbe332defc91a2808ac909a	20.90%
2024-08-11	n/a	exe	fc330820899d3b38c7267818e1603b11c5e66b93a7ff5ec649f2ce033c1e3b66	25.33%	Stealc
2024-08-11	n/a	exe	4f7960f37de2ce8bf6bccb20b2697781b38088fe7b412f28cafb694e4f8e56d1	50.00%	Amadey
2024-08-11	n/a	exe	0fbe1dde7c946596741578b806ddef938bc3de8910da4592c348cf0d7ec76710	50.67%	Amadey
2024-08-11	n/a	exe	cb0ab6b91961d6fe70908c74e9d5c441f7abf6d1e436865a4f54aaf0140b0e22	50.00%	Amadey
2024-08-11	n/a	exe	eb14f0f5b5f734d8a5975e8d58a159afbe8aabda4b6d25ea3b54260da04542b9	57.33%	Amadey
2024-08-11	n/a	exe	ff1bcd0c50bbf3e506d84ebebdf46a49a0354bcb00e9d7fcc31dcb4f6feefb0e	50.77%	Amadey
2024-08-11	n/a	exe	03aedf4dc66d8abda28ce310a066e4ddad15928662a75eca6605c2afa28734f3	50.00%	Amadey
2024-08-11	n/a	exe	f621838d2422dea5631cb1dc149175debf4dedf642976b6fe880e6719efb972b	45.83%	Amadey
2024-08-11	n/a	exe	037a17ec8da447ef34db32ca4fc85fb11f9e96c86a84590469e1c0a541220b32	52.00%	Amadey
2024-08-11	n/a	exe	92fcfefa4fc457a4ec727f8683fa710b67dd57eece0ab00bf265891e024e9b97	52.00%
2024-08-11	n/a	exe	4e5a7df168270d5bfd2491582da2a10c921cf04b1b5daed922af9c8bce20f4ce	50.67%	Amadey
2024-08-11	n/a	exe	539d2a7cd76ee04976ed5ae04ff9bebd67a383a50dba626da4594be64e1b5b87	52.70%	Amadey
2024-08-11	n/a	exe	3e2530bc368b425a9dbc70d9d7b1ea1586af1a1e8a92ac72d375d72e32f1c553	52.00%	Amadey
2024-08-11	n/a	exe	c24503ee77a58254a4f07310900efb2411c44b6852b83de137d50023c7c0c414	51.35%	Amadey
2024-08-10	n/a	exe	3b1d6e7f53b18c7b220d7017d996716e071ec4616d15cd117d7fc2d6fac0bdc5	53.33%	Amadey
2024-08-10	n/a	exe	a5bcb19eef5f5506fbd70b2e6ae31409d8e1affd86b2a002cdd09c262ee6bb08	48.00%	Amadey
2024-08-10	n/a	exe	259930c22bc3c592893b6604fdde6233a1650ce131737a70ab6c66c69a8305cd	54.67%	Amadey
2024-08-10	n/a	exe	7e1aef3668f83b29cacc1ec2240611324de5edb51f6a32ac0df5b7cdd26684ff	54.67%
2024-08-10	n/a	exe	08ee504fa2b44c1152b8bc2e345b9394bc3393261f10651bcf98313f4a1b762e	51.35%	Amadey
2024-08-10	n/a	exe	12a3a4d3572954aacd37dd7b0a32e1380b9bf7570b65a63f644ace6f181b6ee9	53.33%	Amadey
2024-08-10	n/a	exe	3ad67f5c98e35513e0b7e50d3957f5665d0d807a167b5318b22e7137c38c377d	54.05%	Amadey