URLhaus Database

You are currently viewing the URLhaus database entry for http://176.113.115.7/files/7033027882/ZqkKpwG.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3476626
URL:	http://176.113.115.7/files/7033027882/ZqkKpwG.exe
URL Status:	Offline
Host:	176.113.115.7
Date added:	2025-03-14 09:30:06 UTC
Last online:	2025-03-25 22:XX:XX UTC
Threat:	Malware download
Reporter:	TornadoAV_dev
Abuse complaint sent (?):	Yes (2025-03-14 09:31:09 UTC to abuse{at}starcrecium[dot]com)
Takedown time:	11 days, 13 hours, 6 minutes (down since 2025-03-25 22:37:39 UTC)
Tags:	LummaStealer Rhadamanthys

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2025-03-25	n/a	exe	4d0f0f1165c992c074f2354604b4ee8e1023ba67cb2378780313e4bb7e91c225	18.06%	Rhadamanthys
2025-03-23	n/a	exe	843b982f5fe42f642e0f7a3b1c10cddd1bc0e4072e31d6474aff430ef7977960	n/a
2025-03-22	n/a	exe	2cc64f3810fa38bbeb660442c88ed358329f20aec739639aa44780ef42d7a9f6	n/a	LummaStealer
2025-03-21	n/a	exe	5a84f8015c00499d691df2724b50c08376d0ae4e62fc4e5abb1a3497ec3b438e	n/a	LummaStealer
2025-03-18	n/a	exe	95f6d5e1afbf01d118af5917d43272235c95208fded0e4e27c39197e3206695d	n/a	LummaStealer
2025-03-14	n/a	exe	11577483217ab72ade0d8355c165fa033e3c0f3455b0380c3f763b82b042b88f	49.32%	LummaStealer