URLhaus Database

You are currently viewing the URLhaus database entry for http://185.156.72.2/files/6364217164/jzQILRF.exe, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 3558736
URL: http://185.156.72.2/files/6364217164/jzQILRF.exe
URL Status: Offline
Host: 185.156.72.2
Date added: 2025-06-06 14:00:09 UTC
Last online: 2025-06-25 20:XX:XX UTC
Threat: Malware download
Reporter: c2hunter
Abuse complaint sent: Yes (2025-06-06 14:01:08 UTC to erishennya[dot]res{at}gmail[dot]com)
Takedown time: 19 days, 6 hours, 58 minutes (Bad; down since 2025-06-25 20:59:48 UTC)
Tags: c2-monitor-auto, DeerStealer, donutloader, dropped-by-amadey

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

| First seen | Filename | File Type | Payload (SHA256) | VT | Signature |
|---|---|---|---|---|---|
| 2025-06-21 | jzQILRF.exe | exe | 60a7ba37ebffb23c49f1dcb2897fbd3b58f7de2692a068866d1d68c3489789da | Virustotal results 43.06% | DeerStealer |
| 2025-06-17 | jzQILRF.exe | exe | d8d487fdb3efe93da96a48c48667dc82d0d95c9f6622650ceef99ef1f7a418fc | Virustotal results 40.28% | DeerStealer |
| 2025-06-13 | jzQILRF.exe | exe | 71650773a806fe7c9caf81aa196f0102efabf33c3dc6114e7d7075e8e94eee8c | Virustotal results 45.83% | DonutLoader |
| 2025-06-11 | jzQILRF.exe | exe | 47b2c69da9954e10ca7405049b8dc8c0fad36cb099f09c3e518aaeb0e07ebd7b | Virustotal results 35.21% | DeerStealer |
| 2025-06-09 | jzQILRF.exe | exe | 58a5e3bb70bcb50147587807794bcee8ee3c7e5c67a630b092e7899d2a50c83b | Virustotal results 12.50% | DeerStealer |
| 2025-06-07 | jzQILRF.exe | exe | 7146b6f71a2cf88ab3db8821e45f85468e3ad4e9d435d9b3682142a1bd64b7b1 | n/a | DonutLoader |
| 2025-06-06 | jzQILRF.exe | exe | 735b083e68d437acbaa085cab0ad423f1b065497dfdce48acf9320eeeb2e14f4 | Virustotal results 39.44% | DeerStealer |