URLhaus Database

You are currently viewing the URLhaus database entry for http://31.41.244.9/tema/runus.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3125999
URL:	http://31.41.244.9/tema/runus.exe
URL Status:	Offline
Host:	31.41.244.9
Date added:	2024-08-24 14:10:34 UTC
Last online:	2024-08-26 12:XX:XX UTC
Threat:	Malware download
Reporter:	Bitsight
Abuse complaint sent (?):	Yes (2024-08-24 14:12:30 UTC to dl{at}redbytes[dot]ru)
Takedown time:	1 day, 22 hours, 1 minutes (down since 2024-08-26 12:13:31 UTC)
Tags:	dropped-by-PrivateLoader exe MarsStealer Stealc

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2024-08-26	n/a	exe	43fb165430900357661675fd65edc666c9f96f928d6f91e979843f333e9d742c	38.67%	Stealc
2024-08-25	n/a	exe	ed16f3cbddb2e5263186d116f41823b63c0b5fc5f467b0155e8b7fdab348dc6b	37.84%	Stealc
2024-08-25	n/a	exe	70c72d62f7ae50c10e2ac3e7b0d4ee7cd0b74e7159725d92b937ce828e32bcf7	38.67%	Stealc
2024-08-25	n/a	exe	5ea7e4466af27451d81694e26ccd63d4c628d7fae20c048f7bad8e4199ee9925	41.67%	MarsStealer
2024-08-25	n/a	exe	c44c6b9007dabc96cc7bcdd0c38aeca19a9073f79257a2fd134ad66002d98b18	36.36%	MarsStealer
2024-08-24	n/a	exe	f6ad3f81a2498a92af40c1a8a874b47bcbe195556d1f90f394d369e4220e1000	45.33%	MarsStealer