URLhaus Database

You are currently viewing the URLhaus database entry for http://malw.esalesin.com/ldms/956d73b7f041.exe#default15st which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3218364
URL:	http://malw.esalesin.com/ldms/956d73b7f041.exe#default15st
URL Status:	Offline
Host:	malw.esalesin.com
Date added:	2024-10-07 01:15:07 UTC
Last online:	2024-10-14 20:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Status unknown
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Blocked
Reporter:	Bitsight
Abuse complaint sent (?):	Yes (2024-10-07 01:16:10 UTC to karina-rashkovska{at}ukr[dot]net)
Takedown time:	7 days, 19 hours, 11 minutes (down since 2024-10-14 20:27:49 UTC)
Tags:	dropped-by-PrivateLoader LummaStealer Stealc

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2024-10-09	n/a	exe	50ceb67e5a65b823aae5f46619a22c70ee8bd3a9629cae0f2057dc910a833d06	30.56%
2024-10-09	n/a	exe	28865d4841c15bb05739c329168223ca2bae2ba84f001d36395b8fd0944bf5d4	n/a
2024-10-08	n/a	exe	37d8d0bd2f4a619e4f443d6128e6eb585eebc6f0762140d500311b425f443b4c	n/a
2024-10-08	n/a	exe	a637631ff3c35fe14ee3dc0c60671d6dc193dfe58366deef59a8ae2aff5861fd	n/a
2024-10-08	n/a	exe	0ee301cc1f3e79cbe85c6d813509c3aa3c2e62a13fcca41bd9d57f47212a321d	n/a
2024-10-08	n/a	exe	348cf33ce7814fe80b062908a08f1a6d6944f2b0b554a514b9204afd6da22bfb	n/a
2024-10-08	n/a	exe	e9775dd0baddb14b93f59a0c03db28bf930519e91120ba44d3317ef817cb3220	n/a	LummaStealer
2024-10-08	n/a	exe	06921efeedd768d9d69a55933c0e54801c0378061c8fcb6b5a0334cbfc9c4af9	n/a	LummaStealer
2024-10-08	n/a	exe	26a3d2e19923fa4d7020d42680f3d96715ba62d6102731fd646c0889a818f316	n/a	LummaStealer
2024-10-08	n/a	exe	a0161abed6fb600a59bbce3b354b66d275f006b3212dc3c9ac3a8e73cde15cf9	44.44%	LummaStealer
2024-10-08	n/a	exe	32aaa78c8c36cfe53c801d2ea1ddd65009d4d6957f7d649b3bd4aadceafb395b	43.66%	LummaStealer
2024-10-08	n/a	exe	7f80ff048536e98bad23298e0085a5363af034547eae542b6a3c346ade5b5e79	41.67%	LummaStealer
2024-10-07	n/a	exe	9e97f0139c2d9200e07f918a140e0d6952deff70ec218fe861ef0ba73d4f786f	n/a	LummaStealer
2024-10-07	n/a	exe	548617ec6305c654f71be990786ad737c3fce173e319c78f78d074589f72dbdc	38.89%	Stealc
2024-10-07	n/a	exe	59407e3678e29f0429e8896430f71acebd85d39c3e3c0738fcbf057abaa1e06e	n/a	Stealc
2024-10-07	n/a	exe	457312720154afb20a73932cc3ad3e0e852eb36ca03c26aa5fc3fb8b3e1d6135	n/a	Stealc
2024-10-07	n/a	exe	eab6e910af16ede49a705e7997b554b706d95c37724ab2551184109985cfb4d7	n/a	Stealc
2024-10-07	n/a	exe	21856be36cdc029369d22caaaad6bb0be6b267095cbe2ae2e28a8e844540cdcd	n/a	Stealc
2024-10-07	n/a	exe	ca93766922d5ce3f400af18a4d990377ace0b942cfcb044846d598e1395399b1	n/a	Stealc
2024-10-07	n/a	exe	97589cdb752317b0a8001b6faf0fceb68acd34c561b9a02b44b77cd3592e638c	43.06%	Stealc
2024-10-07	n/a	exe	1f11629cc1cf4d00dbfbe5f11f5df7b5588dccac7e7cf85dc5e696703179ad28	41.67%	Stealc