URLhaus Database

You are currently viewing the URLhaus database entry for https://147.45.44.104/yuop/66c08d2750ada_PilotEdit.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3207751
URL:	https://147.45.44.104/yuop/66c08d2750ada_PilotEdit.exe
URL Status:	Offline
Host:	147.45.44.104
Date added:	2024-10-03 10:38:57 UTC
Last online:	2024-10-22 17:XX:XX UTC
Threat:	Malware download
Reporter:	NDA0E
Abuse complaint sent (?):	Yes (2024-10-03 12:44:07 UTC to karina-rashkovska{at}ukr[dot]net)
Takedown time:	19 days, 4 hours, 25 minutes (down since 2024-10-22 17:09:54 UTC)
Tags:	exe GoInjector LummaStealer

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2024-10-16	n/a	exe	164da131421eaa679256fe7eee1ead327389c1715df7c52c3d5f2697a99e593d	n/a
2024-10-15	n/a	exe	8a58ebe8dc98a56b55a41eebe0768796b3051f5f727c3a8a19c319aa51a98c37	n/a	GoInjector
2024-10-12	n/a	exe	9e30674a4b54733aad6f0bc5dda700324cf7ea420f1626dce6a146e3252fba70	n/a	GoInjector
2024-10-06	n/a	exe	172a3f35a795f8c5a8af4c2af0fe0df085a4f4ee433b6bbef9c95ad1c729ee63	n/a
2024-10-03	n/a	exe	c71ed9c894349306956a40c939056be8ae8c1991a55588517e771c819f1a174f	75.34%	LummaStealer