URLhaus Database

You are currently viewing the URLhaus database entry for http://66.63.187.164/v999f8.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3562395
URL: http://66.63.187.164/v999f8.exe
URL Status:Offline
Host: 66.63.187.164
Date added:2025-06-16 06:22:07 UTC
Last online:2025-07-15 05:XX:XX UTC
Threat:Malware download Malware download
Reporter: c2hunter
Abuse complaint sent (?): Yes (2025-06-16 06:22:24 UTC to abuse{at}virtualine[dot]org)
Takedown time:28 days, 22 hours, 59 minutes Bad (down since 2025-07-15 05:22:02 UTC)
Tags:Amadey c2-monitor-auto dropped-by-amadey xworm

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2025-07-14v999f8.exeexe 9a48791ce4a8a84da69e681b573be582fb3c6eebb2a20874310873fd39b3e5eeVirustotal results 44.12%XWorm
2025-07-12v999f8.exeexe 526bcbcd52ee42370b6f1058d850813a6a802ad80a2bc387f8e884f7cd151d47Virustotal results 45.07% 
2025-07-08v999f8.exeexe b60a32eb10bd8116ec74bf71318ecb7ae1dda54fa266a81cd98f6dfc03ffd652Virustotal results 47.22% 
2025-07-07v999f8.exeexe 33033f739d757918a5a69c6d0d47fceb724128dd2fa0f2bb76d6a307f283d26fVirustotal results 48.61%XWorm
2025-07-03v999f8.exeexe d17dbd27deb737cb8e02e1c05823ec358c4a919cb36ec9f783845bad0d92e16aVirustotal results 41.94%XWorm
2025-06-29v999f8.exeexe 63d9d59c9f36e2496a5842f5fba7a171c270d17319271d6685afda7c38417349Virustotal results 51.39%XWorm
2025-06-28v999f8.exeexe 7b748fbc361bb66d5af0ab5c7e709186b1a3110e9fa0a2912a2e6b577d8b0b94n/aXWorm
2025-06-27v999f8.exeexe 2d2506e0655a5f5c2bb91fa474998dcd88c77b91eb639c72f4a3bc92e2416c4eVirustotal results 36.62% 
2025-06-23v999f8.exeexe 715f32d3ba36774ca6d9428f60872e309e88915575e7a10bda2e85eea28f0a9aVirustotal results 34.72%XWorm
2025-06-22v999f8.exeexe 9b27277854d19bd2015d5af143ff17e1466bef512cdc3c29a9eb262ecbabc0bdVirustotal results 31.94%Amadey
2025-06-20v999f8.exeexe 9f49ae273a8087da0c1604a8d665b4381ac8d3f51c9ccbd65097181594452b85Virustotal results 28.17% 
2025-06-16v999f8.exeexe d6085d46c672a2a678af3c8d245227a5665a7adc5149d721bcc3229d9c987f5aVirustotal results 27.78%Amadey
2025-06-16v999f8.exeexe 545fcfa74ab3830c3529202dad8af360a1578b6eff550bf5d9986ab1af40554fVirustotal results 52.78%Amadey
2025-06-16v999f8.exeexe dffb6dc781261370654389e525a629ab9368b2fca8ffb545b879adce237ec3ddVirustotal results 41.67%XWorm