URLhaus Database

You are currently viewing the URLhaus database entry for http://168.138.162.78/output/client/cabalmain.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3442616
URL:	http://168.138.162.78/output/client/cabalmain.exe
URL Status:	Online (spreading malware for 1 year, 3 month, 14 days, 9 hours, 47 minutes)
Host:	168.138.162.78
Date added:	2025-02-17 05:23:16 UTC
Threat:	Malware download
Reporter:	skocherhan
Abuse complaint sent (?):	Yes (2025-02-17 05:24:07 UTC to abuse{at}oracleemaildelivery[dot]com,domain-contact_ww_grp{at}oracle[dot]com,network-contact_ww_grp{at}oracle[dot]com)
Tags:	exe Jaff

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2026-01-13	cabalmain.exe	exe	039f46b0f583eaa274e14bf4065a6aa34798fb6b6d1360fd4e51252281838907	n/a
2025-08-23	cabalmain.exe	exe	26d61edecfee1fb874392d0cd3572043ade1374fd9d8ebd086a97725f0e445a0	n/a
2025-05-02	cabalmain.exe	exe	ec975e4eafaa23af372db01eaa601ae9b69844321ad0b577507e56d6a213da21	n/a
2025-04-22	cabalmain.exe	exe	6206e78449a863ae91217977337792cb5167e9d008103d492c50194c51087924	n/a		Ransomware.Jaff
2025-04-07	cabalmain.exe	exe	f24628589b203a3935c5cd6c423eb484c283ee6bd221ecc1aa720eddc084f263	n/a
2025-02-19	n/a	exe	550c6dbc351680b5d63f62110fe9252041631a0e53b49a0ca1e752fa04ff54b1	n/a
2025-02-17	n/a	exe	8f0fb5062f1aa62b0187209649207fc9cad6cc58832d1f688a7bd9385cd4f5db	54.17%		Ransomware.Jaff