URLhaus Database

You are currently viewing the URLhaus database entry for http://167.160.161.247/l838.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3590320
URL: http://167.160.161.247/l838.exe
URL Status:Offline
Host: 167.160.161.247
Date added:2025-07-26 10:00:08 UTC
Last online:2025-08-16 13:XX:XX UTC
Threat:Malware download Malware download
Reporter: abuse_ch
Abuse complaint sent (?): Yes (2025-07-26 10:01:14 UTC to abuse{at}virtualine[dot]org)
Takedown time:21 days, 3 hours, 33 minutes Bad (down since 2025-08-16 13:34:40 UTC)
Tags:exe LummaStealer

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2025-08-14l838.exeexe 342e02bc056328c9e4be3151749135f6defa43f5b875707ff213e59110797144Virustotal results 33.33%LummaStealer
2025-08-14l838.exeexe 4aabe5374e83c51461e883aa51c181a4334b226ae6bafd6643c9bf7b56d5f981Virustotal results 63.89%LummaStealer
2025-08-10l838.exeexe 99c418b25045ea631e81565e96967b2207c89e2bf65cda379ae925fc0f0c36d3Virustotal results 66.67%LummaStealer
2025-08-08l838.exeexe 9b9a287d6e3e20cb7ff4a37c97e3bb9715f609c4b3a3adfd0b37b4a6ff193285n/a 
2025-08-05l838.exeexe e3d63f823c7ce84e013e1726c45ea9c7384cd5c55471d9ca793af2ccec8a10f6n/aLummaStealer
2025-08-01l838.exeexe a39a681bba715b89324d87acdb754c762e7b8e3fabd90d74b815888f842934e6n/aLummaStealer
2025-07-31l838.exeexe 5feeff7cda9b5c1e544f0cc555725d713624f886fb1586c4fc1fd1cabc72fb33Virustotal results 30.56%LummaStealer
2025-07-26l838.exeexe d6b133ca61cec0567670b62bf6d07ac79204936d8f9a3e30d065015ba3d97b4en/aLummaStealer