URLhaus Database

You are currently viewing the URLhaus database entry for http://malw.esalesin.com/ldms/f2e7fcb20146.exe#sp_sl which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3218365
URL:	http://malw.esalesin.com/ldms/f2e7fcb20146.exe#sp_sl
URL Status:	Offline
Host:	malw.esalesin.com
Date added:	2024-10-07 01:15:07 UTC
Last online:	2024-10-14 20:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Status unknown
Cloudflare :	Not blocked
dns0.eu :	Status unknown
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Blocked
Reporter:	Bitsight
Abuse complaint sent (?):	Yes (2024-10-07 01:16:10 UTC to karina-rashkovska{at}ukr[dot]net)
Takedown time:	7 days, 19 hours, 13 minutes (down since 2024-10-14 20:29:36 UTC)
Tags:	dropped-by-PrivateLoader LummaStealer Stealc

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2024-10-09	n/a	exe	ddf3c590d0cd0bf3f871c5baa3a84e14428cecf3a929fd2c40d483e3252d45ff	30.56%	Stealc
2024-10-09	n/a	exe	3d0be4202906637bd2553570165b8ae414049e3920b217115b11a08c4ae3181a	n/a
2024-10-09	n/a	exe	20d347c984cc29d7bc7de25c5170e7e7d0ce69636bc21bfbc06f6fbe9713c053	n/a
2024-10-08	n/a	exe	79dcab12fb6366fd486a8341d9001112a8bc5b56c8dc7c0e466aa406c09e212d	n/a
2024-10-08	n/a	exe	86ba832d528bd45408e0cf0561c91c193f16cd60d3d7997db9b62d7f3cab3bef	n/a
2024-10-08	n/a	exe	fb072f72a01c301059a14d131926fd8715b53cb267e8d38851f447bbf8af4059	n/a
2024-10-08	n/a	exe	dcbae6355c7cefa0c340c805cd628a0b03b63a769f2c469e62a37f67959c69f4	n/a
2024-10-08	n/a	exe	dbcb90a07934f70edaca89cf53b39fd83ad6d253e1b04f28d0d5ae674011930b	n/a
2024-10-08	n/a	exe	b387b9e0ac7d941eebd0dd0c2d529aa987612b522ae79d23de989d0180b960ea	n/a	LummaStealer
2024-10-08	n/a	exe	423a7bec50ce6885b6106d29c6aa43eaaccb515c39c917de6c829e4c78befb69	n/a	LummaStealer
2024-10-07	n/a	exe	6937f18bfcc53400c0770b258f8850ab7903ad77742e8b965e50442c492974cf	40.85%	LummaStealer
2024-10-07	n/a	exe	a4b9b6fbbfc4712c388884748c14772b30eaa1e0809e440eed36c585881db5e8	n/a	LummaStealer
2024-10-07	n/a	exe	fde872c02c049b7b02d8dfa2d694fba47b8d300001c6cf0ec83f11634a7256dd	n/a	Stealc
2024-10-07	n/a	exe	08fc29d1bcd3c1c9145a6cf9087ce892217c2d0312410d916dd8aa748a0479c6	41.67%	Stealc
2024-10-07	n/a	exe	9714d301c8b96c7263dea4a36ddbdf74896d31f648d2836fa2d2642dccca17e8	n/a	Stealc
2024-10-07	n/a	exe	8d2cb6be85138f59f10d6fd16533380d85168999a9b29f9a17c6061697306372	n/a	Stealc
2024-10-07	n/a	exe	704465dea60612c850ff0e2fd1e71a3b6066850ff62ab78810fdf1d4a411e23e	n/a	Stealc
2024-10-07	n/a	exe	3c46bbc43c9a2adce29cfd18e5655521c3219117b609a2b299dbdb469b0ed221	n/a	Stealc
2024-10-07	n/a	exe	7defa2c0bf2edac12ddd8f800dbb86bb2e7e4c219cd24a191094a554c0bd294d	n/a	Stealc
2024-10-07	n/a	exe	63cb5534211d5973fec5d4b7c7c00f5965cbd4e928ce48c90825c2b26c4c2186	n/a	Stealc
2024-10-07	n/a	exe	f2c602fbe5b5fd1aeeec123d1d0ee554d7b6ab98501ade7202d6b418f6cb1017	44.44%	Stealc
2024-10-07	n/a	exe	b203e7abd53a6de71d5271e86d2b5029bd14ec1cbea5d29a500d9aa21d564e06	n/a	Stealc
2024-10-07	n/a	exe	3bc752d2803f660c3216bcfa6fcd3cfb03b21b8753d4bec32f4e679af854028a	41.67%	Stealc
2024-10-07	n/a	exe	33ec381cf58df623bc6b3879a5aea2914034d42b885a2c61aaf10f6c2ab8cae4	41.67%	Stealc