URLhaus Database

You are currently viewing the URLhaus database entry for http://185.156.72.121/test/exe/random.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3540272
URL:	http://185.156.72.121/test/exe/random.exe
URL Status:	Offline
Host:	185.156.72.121
Date added:	2025-05-10 07:01:08 UTC
Last online:	2025-05-26 12:XX:XX UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2025-05-10 07:02:07 UTC to erishennya[dot]res{at}gmail[dot]com)
Takedown time:	16 days, 5 hours, 11 minutes (down since 2025-05-26 12:13:11 UTC)
Tags:	Amadey xworm

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2025-05-11	random.exe	exe	120cf737ee936a8fbf7107252c65955e06b93a6fd1e7a97ac9f5876fd3a208e6	n/a		CredentialFlusher
2025-05-11	random.exe	exe	7f6175d71d36f13b135794a7b372e19e2953fe5f7593b824a0d9bb6653b71534	n/a		Amadey
2025-05-11	random.exe	exe	f2bba97a1d9317ae40fae4eb4b2152bf5761a90c43db63855d2828093e5828de	n/a		Amadey
2025-05-11	random.exe	exe	b61f3bd9fb7d6b5cbf0c18ccd7d1a5257088801ee44524e1f2cbe19bec586763	n/a		Amadey
2025-05-11	random.exe	exe	a7f00a44e0b6ce26a5990cdcb4d31d16679767984b92045bb111b06b711d7a4c	43.06%		Amadey
2025-05-11	random.exe	exe	70fab2ec25f982233434d509741bb940acf1805dc2cd4702dc938623624d95b1	n/a		Amadey
2025-05-11	random.exe	exe	d079d49ce3f1b91ff69ac6a9499fcaa5aa901f50f2c46b3ee20236678d6d6018	n/a		XWorm
2025-05-11	random.exe	exe	f16c6bd18c84db0560ae08d00bc6efd84903aabf765fd9b66a1b7f14dbba2508	n/a		Amadey
2025-05-11	random.exe	exe	7e36ab730ab17dacc169054ab1accc278ac5d607ce85d046fec4cbc7557d3d0c	n/a		CredentialFlusher
2025-05-11	random.exe	exe	629295d8556f303c6c5612ac72ddbec9a17084db7cea671cbfc845b7bd3abf69	43.06%		Amadey
2025-05-11	random.exe	exe	508fbd4a61d1e9df80810c8413d1871ac89a00cc41aa043d02e5a0131a42ee6d	n/a		CredentialFlusher
2025-05-11	random.exe	exe	904d900c8d54c6acc8d0685ad4e526e1e6250474fa40b2242c77e73382d3eb3e	n/a
2025-05-11	random.exe	exe	94d9b91b9668d1cae1779b4e67290ab74d3b30039437f3cfbfc3f0b1455ca63d	43.06%		Amadey
2025-05-11	random.exe	exe	0841a60909d658293ebba6b3311ccc498151aad8045bc4893c4b6727e0004337	n/a		CredentialFlusher
2025-05-11	random.exe	exe	332b9c53f4f2fd1fdad2b1515d0ae5ba981367dac621136aee53083ea5f430e7	43.06%		CredentialFlusher
2025-05-10	random.exe	exe	3f19324b758607de3ba29d4f180ad935d7f4de9e5b0d65e864552717336262d5	n/a		Amadey
2025-05-10	random.exe	exe	40f73da2ee0d285854b1ac0fa1f663e811383ca15da4643ac64932194b55f646	n/a		Amadey
2025-05-10	random.exe	exe	321242ad4140bbf2a2e704966ef7f95dab7ba4e33354581a77273b076f9d85aa	n/a		Amadey
2025-05-10	random.exe	exe	4b56f224b6500800936d743380707c803917411a1d18e62722f3cd5e9e82ec1b	n/a		Amadey
2025-05-10	random.exe	exe	27c652e849880cc0f7f5c1d7108b02ff0cd308a64125f4c9a68bc7129121c94b	n/a		Amadey
2025-05-10	random.exe	exe	06ed2c9a9b6af875fe94fbeeae0ee0bc48cced3a95b8c7adc25392055525c222	n/a		Amadey
2025-05-10	random.exe	exe	9c8faa7b3b776046a90cbca0f75af4c15652cd61a71ecbd6a20991dd6eaeeaa8	n/a		Amadey
2025-05-10	random.exe	exe	8dd7ed1b469844274f28556ebd2791a777d7864e10b5d1e58eebe0a29ec99dfb	n/a		Amadey
2025-05-10	random.exe	exe	fe379ace56f1f6d340823cdd7feb7bad5fd98d0da6b049f695394897c6cad30a	n/a		Amadey
2025-05-10	random.exe	exe	0d0ac2d01266f3ed6fbabfd212a5801c9afe7d0d63549af3b9f6a51f6b16e817	43.06%		Amadey
2025-05-10	random.exe	exe	630caa63e4548106fe2bf822dfcf5f9550183cb003c5fd4ddf75adb0d0b72048	43.06%		Amadey
2025-05-10	random.exe	exe	cf9058329170b91db26315190830d9dc6ea27f04a6f737c7624c0d75487a556b	n/a