URLhaus Database

You are currently viewing the URLhaus database entry for http://176.113.115.7/files/5561582465/UZPt0hR.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	3500763
URL:	http://176.113.115.7/files/5561582465/UZPt0hR.exe
URL Status:	Offline
Host:	176.113.115.7
Date added:	2025-04-04 06:21:07 UTC
Last online:	2025-04-13 21:XX:XX UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2025-04-04 06:22:07 UTC to abuse{at}starcrecium[dot]com)
Takedown time:	9 days, 14 hours, 48 minutes (down since 2025-04-13 21:10:30 UTC)
Tags:	DarkVisionRAT

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2025-04-10	UZPt0hR.exe	exe	53dc5dbe4be5a9187c5caf2b3c9b2b5df040c4c307fb0a2d3bfa9fd7a5180e4e	n/a	DarkVisionRAT
2025-04-07	UZPt0hR.exe	exe	e4094a03164aecf804eef2b9690796761b195786062273eaeb8bf7be0c18045d	n/a	DarkVisionRAT
2025-04-05	UZPt0hR.exe	exe	c81ece0b60ed50db7d3769388f34ba051a05c95bd026e78dabb6ce08ff91bbba	n/a	DarkVisionRAT
2025-04-04	UZPt0hR.exe	exe	6facc38b5b793b240f3a757e0e22187f3b088340ec02c87d90250c2ced4c1600	n/a	DarkVisionRAT
2025-04-04	UZPt0hR.exe	exe	2c5b54f2576e1524d5dc1c5405d2b8cfe72fc16ca2a1c7c319e0961833d9d069	64.06%	DarkVisionRAT