URLhaus Database

You are currently viewing the URLhaus database entry for http://185.156.72.2/files/7453936223/08IyOOF.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

ID:	3542088
URL:	http://185.156.72.2/files/7453936223/08IyOOF.exe
URL Status:	Offline
Host:	185.156.72.2
Date added:	2025-05-12 14:28:09 UTC
Last online:	2025-07-02 10:XX:XX UTC
Threat:	Malware download
Reporter:	abuse_ch
Abuse complaint sent (?):	Yes (2025-05-12 14:29:08 UTC to erishennya[dot]res{at}gmail[dot]com)
Takedown time:	1 month, 20 days, 19 hours, 51 minutes (down since 2025-07-02 10:20:56 UTC)
Tags:	exe LummaStealer

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Bazaar	Signature
2025-06-28	08IyOOF.exe	exe	05e17a331ca058df53684857247fc423b4a9c4f0804c08cba532227eafe33806	55.56%		LummaStealer
2025-06-19	08IyOOF.exe	exe	6872600b6f16078df28079124b9acfec03b534cde0c0dd9588aff718e901dd7e	n/a
2025-06-08	08IyOOF.exe	exe	bde974e262d193cfb99dc558f2d227665f5e15fdacab30cdc3f00018cd33e1c5	n/a		LummaStealer
2025-06-04	08IyOOF.exe	exe	04c0a81857162cc18343b292804d2f6bec491f3eeb3689b65c1b183fbfc74668	38.03%		LummaStealer
2025-05-30	08IyOOF.exe	exe	11a7be9d636486515b24c10826b0537c174a368cbea06b99c4f17204e5d7f447	43.06%
2025-05-25	08IyOOF.exe	exe	0a81714ddd5c1d08dda8cfd3ccd4c86a48d60a4d9568cc83154c4a027db5c949	34.72%		LummaStealer
2025-05-19	08IyOOF.exe	exe	6c0816cd05cc9c52d1356c90e09110159968f39078bd4ebe90842637bd9d544b	n/a		LummaStealer
2025-05-16	08IyOOF.exe	exe	5125bdd56a603dcb3929a4bf2282467ded28ccfed837d908ad4eff4246f43e94	n/a		LummaStealer
2025-05-12	08IyOOF.exe	exe	e13f38636c5776a92885f62831bc323f843256c147eafcd79eafe96762a6145a	76.39%		LummaStealer