URLhaus Database

You are currently viewing the URLhaus database entry for http://185.215.113.13/shama/leon.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3110435
URL:	http://185.215.113.13/shama/leon.exe
URL Status:	Offline
Host:	185.215.113.13
Date added:	2024-08-16 14:54:34 UTC
Last online:	2024-08-17 08:XX:XX UTC
Threat:	Malware download
Reporter:	abus3reports
Abuse complaint sent (?):	Yes (2024-08-16 18:28:07 UTC to automatic-abuse{at}eliteteam[dot]to)
Takedown time:	14 hours, 19 minutes (down since 2024-08-17 08:47:22 UTC)
Tags:	Amadey exe

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2024-08-17	n/a	exe	2f7e7ee507e2528bbe2e40d9c4f457c88c7470e24c3e0004f7b80d606b0b15e2	49.33%	Amadey
2024-08-17	n/a	exe	5513ee6944358057261c95a3aa85ff68acd553606fdc16dadc298194bb4a4a6c	52.70%	Amadey
2024-08-17	n/a	exe	911dc85d7fd3d35fba06bf5a45c2580e1f6b369825691e8bcf63cd8f2021d2c5	50.00%	Amadey
2024-08-16	n/a	exe	c24565a0dea08f0b17f554aad25b25d041269170b7ca37d329181722a51910d4	40.54%
2024-08-16	n/a	exe	a461967992546a3e48e43fa5c32a600bcab1940474b72209e64329050e0a3ebf	32.43%