URLhaus Database

You are currently viewing the URLhaus database entry for http://malw.esalesin.com/ldms/7f3c2473d1e6.exe#sp_vid which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3218360
URL:	http://malw.esalesin.com/ldms/7f3c2473d1e6.exe#sp_vid
URL Status:	Offline
Host:	malw.esalesin.com
Date added:	2024-10-07 01:14:05 UTC
Last online:	2024-10-12 19:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Status unknown
Cloudflare :	Not blocked
dns0.eu :	Status unknown
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Blocked
Reporter:	Bitsight
Abuse complaint sent (?):	Yes (2024-10-07 01:15:13 UTC to karina-rashkovska{at}ukr[dot]net)
Takedown time:	5 days, 18 hours, 9 minutes (down since 2024-10-12 19:24:52 UTC)
Tags:	dropped-by-PrivateLoader LummaStealer Stealc Vidar

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2024-10-09	n/a	exe	53e0a2da42ca576d96a70ce70f1b1817230456a4e66e6ae58ed4167c260be391	n/a
2024-10-09	n/a	exe	c016811153487b102729ab7a91d93b9663b024d8634cb3b0245a6189c7470e60	n/a
2024-10-08	n/a	exe	c1bffd14fb5219a5bf96e2a962e52ea4e8877f3f7ae6fd9489090a9b2cfd74ab	n/a
2024-10-08	n/a	exe	e66017b5d5661014df892f5d1d617e645428d5c476a800eaba32d3521de51fca	n/a
2024-10-08	n/a	exe	53c454d3daba412d544f91eddec97c12c12f0b16aa1aa1595527be78210fbfcf	n/a	Vidar
2024-10-08	n/a	exe	758899ad43aea7a53b7d397c517773e712e7ed0f66f8cbd52bfd39a04aabb3d0	n/a
2024-10-08	n/a	exe	f76e79c5e64a9d070fad62850774c0110ec1340fa83268acc6163491e138e5aa	n/a	LummaStealer
2024-10-08	n/a	exe	2c90b8d93d2a2cdfcbc024099dc866acd34a89c1f4aa597c4f21ab2061a5e2b2	n/a	LummaStealer
2024-10-08	n/a	exe	47bbecb6076d32bb433b30d17ce6ad6994fd1242d0fa07e7c335b5125a03e097	48.61%	LummaStealer
2024-10-08	n/a	exe	c75c774f41ba9b7c18a9c4ccd2c34dc9afd839dcc2676a11c59bd823c999ba5b	n/a	LummaStealer
2024-10-08	n/a	exe	c60e631b614e15e7c025f011836997fd34867ab89d3260b0b50727bf651c8c4c	n/a	LummaStealer
2024-10-07	n/a	exe	f0a8b069fdf150662ff44789cf2850b9c416e1be736f13f66111ebf2e2f7cd6f	n/a	LummaStealer
2024-10-07	n/a	exe	7823532217e8b06b102734023019188833b3e0ae711c3dc6f9cb437d8c48d14b	n/a	Vidar
2024-10-07	n/a	exe	74d97d001058dc33a510dc4da4001a69ebe56b63facb1720f8959714953d9746	35.71%	Vidar
2024-10-07	n/a	exe	a65dadd40bf16ea07c92d07b0cd602390866f4a9ffb6478b114bcf6ffd131d26	n/a	Stealc
2024-10-07	n/a	exe	63e93dd03736127543d86f57c7f301daf39a1435a32411e97486c700a0815d8f	n/a	Stealc
2024-10-07	n/a	exe	ec73755ba530fa0051336780a0005be8fefc4c7ecbc5134b43b9da46f4d54d12	n/a	Stealc
2024-10-07	n/a	exe	cf080ecf1b49f41b41f504264e805887b80f739d596971093afeeb9254761da9	n/a	Stealc
2024-10-07	n/a	exe	f416dadede9d3f683acd9ca40c4dc8a29b046e26478d1d33d1fd5cad292d565d	n/a	Stealc
2024-10-07	n/a	exe	f754c5c7f44951ec07e037b39af702849b07998f37edd249d54ead17fce888a6	n/a	Stealc
2024-10-07	n/a	exe	49a7f82743a038d7a570d5d5d8ecb92f369f0e6dbba6532674c4789f0daf9b31	41.67%	Stealc