URLhaus Database

You are currently viewing the URLhaus database entry for http://185.215.113.209/inc/7777.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry



Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3337880
URL: http://185.215.113.209/inc/7777.exe
URL Status:Offline
Host: 185.215.113.209
Date added:2024-12-09 08:10:56 UTC
Last online:2025-04-28 12:XX:XX UTC
Threat:Malware download Malware download
Reporter: abus3reports
Abuse complaint sent (?): Yes (2024-12-09 08:11:13 UTC to automatic-abuse{at}eliteteam[dot]to)
Takedown time:4 months, 20 days, 3 hours, 52 minutes Bad (down since 2025-04-28 12:03:50 UTC)
Tags:185.215.113.16 GhostSocks LummaStealer Sliver

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2025-04-047777.exeexe bb0617b85fdb00ef5eed737c6b7a9c9295be2f7910dc883d09435832b35a70e6n/a GhostSocks
2025-02-26n/aexe e22ccba95cc0846434b57cda9326cd31452010de85ecfa59f50d66ed508e09a3n/a GhostSocks
2025-01-25n/aexe d0e32481aba1ce49ca706075b9cef466d3bc36ba3b82dacea33da72f0ce613a6n/a GhostSocks
2025-01-20n/aexe 8e17885fd064544ace7bdc6e73ff112837fbcd356050b2c67610752ef27e0f36n/a GhostSocks
2025-01-20n/aexe 2edc3bf951d5d547464e03949c97ee89f1e67bcd8870b690ca55a0e906ed7054n/a 
2025-01-20n/aexe 8b03b76cf97e541207ea2919b31a3dda6178545b515a8e80d2d499225f62dbdan/a 
2025-01-09n/aexe 8edfdafaf400d307fb0167cae1eee0a8bdaf6dadda3478bdc370255c91215153n/a 
2025-01-09n/aexe 2116e5a655de59a497217035d8378296b9f9b353af57a8522123f50cdd7f8c85n/a GhostSocks
2025-01-08n/aexe 737432302d562d84767f24d33fc7055688903c83054abec36a5f1525449d6d1an/a GhostSocks
2025-01-07n/aexe 419154759cad920f1379573b456ebf3adf0baeb9bba26a483ae7b464d7e5b5b0n/a GhostSocks
2025-01-02n/aexe 1be88feab1397f9ab0329f6fad5f5d7c841927b8444aa05bb95d4d59acf1cefcn/a GhostSocks
2025-01-02n/aexe b1c67a689ab46763e629986c231ca58ad30218725358c6df4f35fa0d99a90e91n/a GhostSocks
2025-01-01n/aexe efeba4012150e07c2112c69fdba5783a585f868ece77813d3340b8a1639d8c9cn/aSliver
2024-12-24n/aexe ffed3602a5705bf38f3cf41250ca3b327a53511b23156a2da05f577a07733772n/a Sliver
2024-12-14n/aexe ceea472f03073f4bf1bbccf057fe899e640126d0df5b9ba5cc5b8cbcdd772d77n/aSliver
2024-12-11n/aexe 9ac5fe7254a635bb7fb02a6113c4fbf282b86dff0485639b3adccfac8c87028bn/a Sliver
2024-12-09n/aexe a875ad2c88045b9ef67d367ad30a8679416651934ab34ece14af63e2c12ede09Virustotal results 73.61%LummaStealer