URLhaus Database

You are currently viewing the URLhaus database entry for http://185.215.113.41/download.php which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry



Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3519140
URL: http://185.215.113.41/download.php
URL Status:Offline
Host: 185.215.113.41
Date added:2025-04-20 08:07:12 UTC
Last online:2025-04-28 11:XX:XX UTC
Threat:Malware download Malware download
Reporter: abus3reports
Abuse complaint sent (?): Yes (2025-04-20 08:08:08 UTC to automatic-abuse{at}eliteteam[dot]to)
Takedown time:8 days, 3 hours, 2 minutes Bad (down since 2025-04-28 11:10:15 UTC)
Tags:Amadey CoinMiner DarkVisionRAT lucifer link NetSupport link RedLineStealer link

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2025-04-28random.exeexe 09f109889be9ff5c78b59c63ae814655ab94640d3fa73d81c8965717c3c6dc89Virustotal results 77.78% Amadey
2025-04-22random.exeexe ebdb501c9e73421a78ccbef4e15d292a39ad8d97a5cf329ffcf4ac269ac10108n/a CredentialFlusher
2025-04-22random.exeexe 11cbacb785691e69c882f15e29d36cc5e859d9f30f9c329feca0a85c8ef4297en/a Amadey
2025-04-22random.exeexe 4ac4fb9719afda423f9333e6e46141e0608ad0ca6f61150b70b38429f421adffVirustotal results 72.86% Amadey
2025-04-22random.exeexe c7780d08525bf94a1d7049ccc910134e96cb10f5db537053a50476a9fe1c71c4Virustotal results 67.61% Amadey
2025-04-22random.exeexe c195ee0aeee954015c8be1f3353e28c19d4004e1a094c543f6681a3dcddb33e1n/a Amadey
2025-04-22random.exeexe cf9c8be50c64e623f511e306a0a995587a4952a010871f9f52309e48e8d91274n/a Amadey
2025-04-22random.exeexe 50ee90862ed95257720923e3b9f278eef7da8d305387e492707558c733ff9de1n/a Amadey
2025-04-22random.exeexe 30ed42f2ba7de726c8868b832e614882f0649457e556205b0cf7424701278267n/a Amadey
2025-04-22random.exeexe 2940fb0b74b0036e0ec640565b1dcd5b05d8a6b965007832231cb24d2752d335n/a Amadey
2025-04-22random.exeexe c94d2b9ee69063e0dbe3f405ea5efd6abeb11942042b7437ee4604da0e46754an/a Amadey
2025-04-22random.exeexe 0350569f78f49c6674b100464ff77339c5c07d0ef48855feb86aaac81931f9d2n/a Amadey
2025-04-22random.exeexe 5dc148c8cd3fabc1f1d10c56585bf8cb011cc27a14af1c421a64d7e553db5610Virustotal results 64.71% Amadey
2025-04-22random.exeexe 818cccca2d3ef6598217f9c6dc4849635b0b8cc1817dbef952a16c22dd707ef2n/a CredentialFlusher
2025-04-22random.exeexe 70111932ea441f249c3b99a8e0ddf4235b8aea24bc6093389bbb3b4df159a6e9n/a CredentialFlusher
2025-04-22random.exeexe 8ccb70e70b90b102c585cd750ba0f1f4524c27cc92ec5ce9b2c4110dc904db4cn/a Amadey
2025-04-22random.exeexe 43f187e16b86e2c1fd9c4c23576b70531ed08ff582bee7c94980940cc25abe1bn/a Amadey
2025-04-22random.exeexe cf158028f3ccc8bb22f56c8ea91633cbbaaaa5693ccc5bc214577dbac53da271n/a CredentialFlusher
2025-04-22random.exeexe b55d426b8dc0ccbfb3a50ebf00ebcb2e0cb177458ac9e95373b0623cc945c39fVirustotal results 73.24% CredentialFlusher
2025-04-22random.exeexe fcf4e2b55e96646f86d02dfd8eb0929057505ac193bff8c4470a60e9ab400c17n/a Amadey
2025-04-22random.exeexe 52361be82676ee24ebe76772e37d4c037a3f23e1f8bba881eecda730b47bef95n/a Amadey
2025-04-22random.exeexe d5968b83f07bc2617926ea76f2146968232654958671921c88679a068d691d59n/a Amadey
2025-04-21random.exeexe a0bcd1b1ec3143aa7bb11a8080d7f1e61f8ab045e06252ef507d0558f6eff55dn/a Amadey
2025-04-21random.exeexe 281d63c246f005267cc0a17755e416215dedb0d4e1715745c34ad3b8b3e7ec4en/a Lucifer
2025-04-21random.exeexe cb430eb78924333bbf1a2e48e35c80760669662339334bf258d05a0fffa1d793n/a Amadey
2025-04-21random.exeexe a7c63577d769e659fc7172f60c04528a973a6a68a5c80be7b51f407db6800569n/a Amadey
2025-04-21random.exeexe 9ed9fd45446f4a3eccd3977394ef4045f621e63850c9672ffd03771ab675f3d0n/a CredentialFlusher
2025-04-21random.exeexe 5b9183bb9f27bfb4eff28c61257d674c1878e556a2f79b98f4099850414b58f3n/a Amadey
2025-04-21random.exeexe 0ad2efd0b2590290677dae7d803c45be6f7945897f2df4fad6b82ceb5b87fc52n/a Amadey
2025-04-21random.exeexe 2b4340e02291a3c330c26ece2b5ad8e26868c2ab0baf40435de865998d74cc16n/a CredentialFlusher
2025-04-21random.exeexe 256f3e96fd51d67bd267c9ff55d382bf002d55b7f8e261e87431690c7f4e2dcbn/a NetSupport
2025-04-21random.exeexe 2fecd4a4df34a5d65a9f92da83a7786ae9aef87dcf86467701fa7c5149c3a809n/a Amadey
2025-04-21random.exeexe 1c94eacfabc6ea45a3b9c6f6c0da688982c79ceb3e93103bc1549af8913e4670n/a CredentialFlusher
2025-04-21random.exeexe 3fa0199990776f1a9b5f039168e5baaa1b083b8aad9987848c2614b91ed04f25Virustotal results 70.83% CredentialFlusher
2025-04-21random.exeexe 1bcb386e4664131ece3e26731fc3e3b0bb918ed7488812e49aeded7f39a2e083n/a Amadey
2025-04-21random.exeexe b0a4f0bcf5d3afb6496b5170b629ae15faad8d99b1ff707c86f26cd7d1ee3bf5n/a CredentialFlusher
2025-04-21random.exeexe 21ff89505012e52c2660ff7267ca5dbd0b0e97e8b1d6b503b200273f541ab9f1n/a Amadey
2025-04-21random.exeexe 87be990b3c5974a56f5e6f406e960adea12a544f243cae99374fbb3409e5e308n/a CredentialFlusher
2025-04-21random.exeexe ce23b05499badea64685798fe4ed42fadc25008d871e9a67a56ae0e83134334en/a DarkVisionRAT
2025-04-21random.exeexe 0d60ed897f58b56823755784e63aac00446bd96c93facc216d911e8b5530cb21n/a Amadey
2025-04-21random.exeexe ae0b5c75dc91c256de3be5ef5d49fd6b438c557a02493e5782f19efc3ea15cffn/a DarkVisionRAT
2025-04-21random.exeexe 21280cf5c8ea9eb4a07453ba315c6206c7667852ef7e408374aed596da62898dVirustotal results 65.28% Amadey
2025-04-21random.exeexe b80e45902de7b7faeb9d3a1a839d2a2f1be55bf8acf59cbdd3d73536184c92daVirustotal results 63.89% DarkVisionRAT
2025-04-20random.exeexe e84862d15c5af1cbd077d9e102ece39089de0b074536b7ad6a51791c709e17f7Virustotal results 66.67% RedLineStealer
2025-04-20random.exeexe c4cf0df2f4b50c53e2e8c9b9092fdf0333befea846bd8179d25bd9cf2d88ee53n/a CredentialFlusher
2025-04-20random.exeexe 4e5b22911e10952c400c546823c84107a6da2ccbfd63e32ed3a768c3740e1ffan/a CredentialFlusher
2025-04-20random.exeexe 9d4076c2967a17d46c62ac05a75b2d365a2e55d73f04496d908feea931b589f9n/a CredentialFlusher
2025-04-20random.exeexe ddf43bb27ddcc7fdd51c87932adc1a6eb439d732eeb7f59a0dc37cea72e50d48n/a RedLineStealer
2025-04-20random.exeexe 8e14e76a0f80b1613377897c08aaca8ecaa975e22014fc7ee99bbd24c3b14b09n/a Amadey
2025-04-20random.exeexe fc5c5c99e17bb086c8b6ca9c23bbc2510758ee3f96ee39261c9ad5ff6ce83787n/a RedLineStealer
2025-04-20random.exeexe 67b971cc385a4b5241f301f1d9ecef51dd445518bc0cee675d29e67292134379n/a CredentialFlusher
2025-04-20random.exeexe c060719a3c3396dd56bf96418110513abd36346e6ccb0c53b441b002178d909an/a RedLineStealer
2025-04-20random.exeexe 319baba88066e4a293537a4b6776626f0eb9e9368a9911c9b10a67c8e70d5763n/a CredentialFlusher
2025-04-20random.exeexe e000a185be1a4c0d10ffb97e67a7cbbd773d3caac4cdf88148d320e0f4c49fe2n/a CredentialFlusher
2025-04-20random.exeexe e6c000b065675e7a39fc024de040ee0980d99f6fca3f535602e6eeef31189604n/a CredentialFlusher
2025-04-20random.exeexe 1f3e7688b678f4cf0548768090f21971260297e68e213f633e2688ef84f73fd7n/a CoinMiner
2025-04-20random.exeexe 57bffd1e2ed97bf63305ecda163b1746590815cd6ae84700300ac45ecdb52a96Virustotal results 70.83% CredentialFlusher
2025-04-20random.exeexe dcec00a2eb34ad87da680bf130d6b4be666d558bd1b5ed2421aa59e67c1abf98Virustotal results 64.41% Amadey
2025-04-20random.exeexe 95326a4e8873bf8040c8a7e93555909664cc5741dfdc02b99d8732d2b1d2c7e8n/a CredentialFlusher