URLhaus Database

You are currently viewing the URLhaus database entry for http://168.138.162.78/output0/client/cabalmain.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3442712
URL:	http://168.138.162.78/output0/client/cabalmain.exe
URL Status:	Online (spreading malware for 1 year, 3 month, 15 days, 0 hours, 46 minutes)
Host:	168.138.162.78
Date added:	2025-02-17 07:15:18 UTC
Threat:	Malware download
Reporter:	NDA0E
Abuse complaint sent (?):	Yes (2025-02-17 07:16:11 UTC to abuse{at}oracleemaildelivery[dot]com,domain-contact_ww_grp{at}oracle[dot]com,network-contact_ww_grp{at}oracle[dot]com)
Tags:	exe Jaff

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2026-02-12	cabalmain.exe	exe	b231ea42048fdb554a5724eeaea57e7c7c1a0bc05ee899514c88a729db99f59f	n/a
2025-05-03	cabalmain.exe	exe	b6eab297aa8ef9e9318d2d8802f8a862aea244e95941edac8dc8fc541d463568	n/a		Ransomware.Jaff
2025-04-15	cabalmain.exe	exe	b19db24675533f39f446551b168c53a63eea6e0b102e8394ec49c76df2e77692	n/a
2025-04-04	n/a	exe	dc634e2113ec4cc269700662b8f95218038cdae3e1df327ef086b94c24fea84a	n/a		Ransomware.Jaff
2025-03-27	n/a	exe	da1da318c266b85b9ba028b4883dacc02114250f7dd953ede8bfe7f6e6c4bc23	n/a
2025-03-25	n/a	exe	82758a757dc2b436305f2c15d1e705b2a9df7acf17471313a99fad4cec81ee3a	n/a
2025-03-18	n/a	exe	e3a895fb62bccc0ff5a0843d1e1b405337a5be58b7dc33f3c9a2cda6dceae43e	n/a
2025-03-17	n/a	exe	c69f17e2ec7a2f0e84ef83bff06e3dffea3f35f00adb9bc99244a5d78c3ac2c9	n/a		Ransomware.Jaff
2025-02-21	n/a	exe	b971d5715030c62ebbe4c93e502df69964e20c8b71fe06f3293bd5283bdefc57	n/a		Ransomware.Jaff
2025-02-17	n/a	exe	b8d000c3a1bffd4e429c70f8d7ff1f46a0e391bb8f9b823674473f5686991529	46.48%		Ransomware.Jaff