URLhaus Database

You are currently viewing the URLhaus database entry for http://185.156.72.2/files/5494432675/sGe7ljJ.exe, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 3553538
URL: http://185.156.72.2/files/5494432675/sGe7ljJ.exe
URL Status: Offline
Host: 185.156.72.2
Date added: 2025-05-27 09:55:07 UTC
Last online: 2025-06-15 16:XX:XX UTC
Threat: Malware download
Reporter: c2hunter
Abuse complaint sent: Yes (2025-05-27 09:56:08 UTC to erishennya[dot]res{at}gmail[dot]com)
Takedown time: 19 days, 6 hours, 30 minutes Bad (down since 2025-06-15 16:26:19 UTC)
Tags: c2-monitor-auto dropped-by-amadey LummaStealer Vidar link

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
