URLhaus Database

You are currently viewing the URLhaus database entry for http://malw.esalesin.com/ldms/04a4f32fae41.exe#d16, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry

ID: 3218361
URL: http://malw.esalesin.com/ldms/04a4f32fae41.exe#d16
URL Status: Offline
Host: malw.esalesin.com
Date added: 2024-10-07 01:14:05 UTC
Last online: 2024-10-12 18:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Status unknown
Cloudflare: Not blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Bitsight
Abuse complaint sent: Yes (2024-10-07 01:15:13 UTC to karina-rashkovska{at}ukr[dot]net)
Takedown time: 5 days, 17 hours, 22 minutes (Bad; down since 2024-10-12 18:37:54 UTC)
Tags: dropped-by-PrivateLoader, LummaStealer, Stealc

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
