URLhaus Database

You are currently viewing the URLhaus database entry for http://malw.esalesin.com/ldms/fedf8679e8d2.exe#d12 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3218649
URL:	http://malw.esalesin.com/ldms/fedf8679e8d2.exe#d12
URL Status:	Offline
Host:	malw.esalesin.com
Date added:	2024-10-07 05:17:04 UTC
Last online:	2024-10-12 19:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Status unknown
AdGuard :	Status unknown
Cloudflare :	Not blocked
dns0.eu :	Status unknown
ProtonDNS :	Status unknown
OpenBLD :	Not blocked
DNS4EU :	Blocked
Reporter:	Bitsight
Abuse complaint sent (?):	Yes (2024-10-07 06:35:15 UTC to karina-rashkovska{at}ukr[dot]net)
Takedown time:	5 days, 12 hours, 46 minutes (down since 2024-10-12 19:22:04 UTC)
Tags:	dropped-by-PrivateLoader LummaStealer Stealc

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2024-10-09	n/a	exe	6b032a89988a3de8005371562c8d89e1e951171eb84e40eaecf718a5a1b944f9	n/a
2024-10-09	n/a	exe	b05eb61e8300da88984dd9692b69489b217a6485b0c2b54c8757aff3755055c2	n/a
2024-10-09	n/a	exe	2b9dc49a20ada5b22a2e20d3f06a44064c4f42dda488a87dfc43e5736e458629	n/a
2024-10-08	n/a	exe	b2df4e7a49f52a5b5b95550bf9967e59f975bbf1fa7e90dc1f70d9a3cca7aa24	n/a
2024-10-08	n/a	exe	4d198089c44d6c229906a7d268dc540aa1d3aaf46bad1fc01be48b4d7d8e4e8b	n/a
2024-10-08	n/a	exe	f6ca3e7b153a74e012537f1fe60abc97e3680d373699c16ebd18677c1e65570d	n/a
2024-10-08	n/a	exe	df08d820e0bffbed4e2cdb1fd08ebffbbe7bc6a9983057b0ff58eafb1e2db197	n/a	LummaStealer
2024-10-08	n/a	exe	a9573fc6aee8c95f0972bb4f600cc694f762cbef2fe95abadfbb174abe341d9a	n/a	LummaStealer
2024-10-08	n/a	exe	dcb72f35b57c6f969000666d9c79db57b4e18745fdecc4cf96a8abe4433b20ed	n/a	LummaStealer
2024-10-07	n/a	exe	bf71fed04dabfe3a63494cb3e6a1835d1963944c6ca013171e2d584dfc5cec16	n/a	LummaStealer
2024-10-07	n/a	exe	cb520c16ef8b5cfc4bd9c136d089d1414e4d7f1ed3ff4fa14fc11446640bc667	n/a	LummaStealer
2024-10-07	n/a	exe	e703d143255549b1d8c24c6a9020d22c921c52b564c1bccfd36ff42e0a295409	n/a	LummaStealer
2024-10-07	n/a	exe	a0122b3e4be575c96b759d367153886fc2b901bb11e23cb8975f3590e7ab9259	n/a	LummaStealer
2024-10-07	n/a	exe	62c48bf37f3c95e8c939795dbc7de86173955a3a2bf807cf2ab23e069eac5aa0	n/a	Stealc
2024-10-07	n/a	exe	aea684ef52aee40014503e626da6d304d995ff7b406683f3fdb75c6eb326fa1a	n/a	Stealc
2024-10-07	n/a	exe	67eba60198dbb8445e75569883b0aa10a27861ba881f9aabd7b9921af5d878db	n/a	Stealc