URLhaus Database

You are currently viewing the URLhaus database entry for http://31.41.244.12/guba/rama.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3114287
URL:	http://31.41.244.12/guba/rama.exe
URL Status:	Offline
Host:	31.41.244.12
Date added:	2024-08-18 13:14:09 UTC
Last online:	2024-08-21 10:XX:XX UTC
Threat:	Malware download
Reporter:	abus3reports
Abuse complaint sent (?):	Yes (2024-08-18 13:15:14 UTC to dl{at}redbytes[dot]ru)
Takedown time:	2 days, 21 hours, 29 minutes (down since 2024-08-21 10:44:17 UTC)
Tags:	Amadey exe MarsStealer Stealc

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2024-08-21	n/a	exe	adc570c21dfdc38b2b30dfa98cbd8fff624f5a83397e9199189b2182405a9535	37.33%	Stealc
2024-08-21	n/a	exe	12847c870546d30d8992c191775c0e2ce051c7536edb0c9aacc86eecef2e1179	38.67%	Stealc
2024-08-21	n/a	exe	57b97773593b3b07fc9607580db07bcc087b12859609cef3935cd7d933257ec2	36.00%	MarsStealer
2024-08-21	n/a	exe	a3a42db7a3e218aa6e20646efe0998a04da8580b448376c9f2d097479dded0e4	36.00%	MarsStealer
2024-08-20	n/a	exe	ead935f1295b51a63a66d2978ad3c185776e72ee57191694f4b6dcdba2db80e6	36.00%	MarsStealer
2024-08-20	n/a	exe	ff1820e68a7067ef6ad78ea9c19b929eb52729f85e349f75e226615ea72532f2	37.84%	MarsStealer
2024-08-20	n/a	exe	74adc4039c75425ad6a2b19b4ab6ac460d9a21f30ae71bb71408b8f530907c9b	40.28%	MarsStealer
2024-08-20	n/a	exe	8477d03a892b439f9032134b8f218c985ce81547a7179b49fc773fa4555498e7	37.33%	MarsStealer
2024-08-20	n/a	exe	4f0d4a6051b89dba2bb3402a50fef7f24ec81f50e9ff42539d9cf0d47155fe1b	52.70%	Amadey
2024-08-20	n/a	exe	77193fa24e31ebe1e65ee1fab3fa709b09fd3fca7264e5bd67416560c447a765	n/a	Amadey
2024-08-20	n/a	exe	d80c8b4507d2bdb403387a86a6483f9c1a656ada581db1e5a00ac9a011840bed	55.41%	Amadey
2024-08-20	n/a	exe	676d20b3f13b707d53a195cf4d908889af1c0cb9abcaef264c8c58134cfbede1	56.00%	Amadey
2024-08-20	n/a	exe	3a504dc5d0fc927ffbf9509ff9e9eb8bd812aa6724630a88d47e57b1fe29aa73	53.33%	Amadey
2024-08-20	n/a	exe	eae0d84af32d23a0fb57fe9e0b3ab4dc6ca181d8da265dcc7bcd2baea45ee8b8	57.33%	Amadey
2024-08-20	n/a	exe	e8f71cbcf6e0de49306f7abb28dd2d91546f4866fce7107f469e5a286f2e142a	56.00%	Amadey
2024-08-19	n/a	exe	7c17e2a16afd42e8ec40cae522b5bcfffc30ac9d82414860051690d79f803601	56.00%	Amadey
2024-08-19	n/a	exe	7ca2db4d4b8e506350a4e6a4b5aad4d0f4916cc2899db1444631cbb9cecc8f75	53.33%	Amadey
2024-08-19	n/a	exe	aedb7fe96ea5451ba7dd11d3ec6d591261206da8cdd8ea4460fa130f75944edd	56.00%	Amadey
2024-08-19	n/a	exe	129366676ec84c8b80324b807e321508fdd4c1b049c7f1ecd7bcc286a59c7b2d	55.41%	Amadey
2024-08-19	n/a	exe	146ac6bf1bfde8e2da24dcdab4117824e3a773686f67cc88f3ac47090bf37b4e	56.00%	Amadey
2024-08-19	n/a	exe	b6fb18598d39f74b07a44ffb01d9456402ab8c074f00e01390760f66add2f725	56.76%	Amadey
2024-08-19	n/a	exe	dcea76f42107adaef2d8bbe2d32bfeae8ad6b1cb94e7d94029934f20f98ba090	56.00%	Amadey
2024-08-19	n/a	exe	d5ff1bf0b5737c4d67cf5b49c1f99def73fb469e7e67a1859746e346759b4b84	53.33%	Amadey
2024-08-19	n/a	exe	73181c643bff01c0a23ff7a31c2936defe659f74ec5c0a4c5b1535d826aa02f7	53.33%	Amadey
2024-08-19	n/a	exe	4465411f981d1c9161d3f5c9119ba27fa3d606188afafb67dc7561e423a14221	59.46%	Amadey
2024-08-19	n/a	exe	ea6bafdd17dfdb867c18e1375c2c7e9b1fa3b6edb5155b6e88758e94aaa367c5	58.11%	Amadey
2024-08-19	n/a	exe	270ead3dd3ce3e7e9f2d6882e81ac4e828d421f4c5824951a6756583ed185af2	56.00%	Amadey
2024-08-19	n/a	exe	b06858d69a4fee57203e65fb8426737f4d29bd42792c4653ec32c6b41840e0c7	53.33%	Amadey
2024-08-19	n/a	exe	15efcb38c675d5fdf7878c390544393f462b29d46e8c8483bb748ae6561d4e76	56.76%	Amadey
2024-08-19	n/a	exe	7835a26e3f5ea565c099b426c66838dbea8642cd7dcf51fdfc260b1cd9bde4a6	56.00%	Amadey
2024-08-19	n/a	exe	a840d5528122d46386909e7998b18d963b0d02a68a5de2ceb9cee1dc427ba50d	53.33%	Amadey
2024-08-18	n/a	exe	d878030f234f47920ee616a7e8b6a888cb5fc7d6495e8462fa4ea1c225de2451	54.67%	Amadey
2024-08-18	n/a	exe	3c66aac01d3fa63870b76b73af1fb7670bb0b488d02c2855fd23f53cc364d14c	58.67%	Amadey
2024-08-18	n/a	exe	20f8a273a27325a7268632c1037d019b9d7a22a24526b30d50cb283b4014f480	54.67%	Amadey
2024-08-18	n/a	exe	917f617aebc0d82d801c0ad0a0ba14e6d8a7c67b62db883a4c12bbe833a28561	56.00%	Amadey
2024-08-18	n/a	exe	40cd8d9b6df941a90d60c7e00b6f2dbb70588ea0a3684fb39a60c393f1314afb	52.00%	Amadey
2024-08-18	n/a	exe	ab784e890cd75d28bbafa92580d1bd78e425eae49a189e93fdeeb41103e28ad5	55.41%	Amadey
2024-08-18	n/a	exe	0580aef848b294e9276d99f5d8303770159034581f2fbf954eba4d16a573bdd4	55.41%	Amadey
2024-08-18	n/a	exe	10afb5f99e9f494907a0b47823e69573301e7715ab389457bdcd391d8e9cf090	53.33%	Amadey