URLhaus Database

You are currently viewing the URLhaus database entry for http://222.186.172.42:1000/C1.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3295859
URL:	http://222.186.172.42:1000/C1.exe
URL Status:	Offline
Host:	222.186.172.42
Date added:	2024-11-19 08:10:19 UTC
Last online:	2024-11-24 07:XX:XX UTC
Threat:	Malware download
Reporter:	Joker
Abuse complaint sent (?):	Yes (2024-11-19 08:11:12 UTC to anti-spam{at}chinatelecom[dot]cn)
Takedown time:	4 days, 22 hours, 56 minutes (down since 2024-11-24 07:07:46 UTC)
Tags:	BlackMoon malware opendir

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2024-11-23	C1.exe	exe	e9f8094cfed885ebfa876268eff009e0b2bd4caf06365e961b310fb1d1fc5164	n/a	Blackmoon
2024-11-22	C1.exe	exe	81e7fa0fc24b0548823803e74d537657f445d0fab510818f9326ec10ff58d23a	n/a	Blackmoon
2024-11-21	C1.exe	exe	afc91e7a837ed26029ee80c056ea98e686aab036eff83786c5b6ea0bb80b5967	n/a	Blackmoon
2024-11-20	C1.exe	exe	a1eed50b9ffb98d20c742d9d16b8dd4f8f9ec9dd5c8f33973581891f288edfc6	n/a	Blackmoon
2024-11-19	C1.exe	exe	1ea12e703479d5e6ff97db2c41fe63d49aa63b6793a5fdc33c51f679484b55d3	n/a	Blackmoon