URLhaus Database

You are currently viewing the URLhaus database entry for http://117.72.183.111:88/1.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:3597379
URL: http://117.72.183.111:88/1.exe
URL Status:flame Online (spreading malware for 9 months, 24 days, 19 hours, 35 minutes)
Host: 117.72.183.111
Date added:2025-08-06 07:31:17 UTC
Threat:Malware download Malware download
Reporter: Joker
Abuse complaint sent (?): Yes (2025-08-06 07:32:20 UTC to ipas{at}cnnic[dot]cn)
Tags:exe expiro Gh0stRAT malware Worm.Ramnit

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-03-111.exeexe 55866f0c5b53419c79d7be9b565e338091f4aa755a278eaca887f03ece544c7an/a Gh0stRAT
2025-11-111.exeexe 01a0c63b05eef0cd476b33d9217e68f4f167fd6cef1d20c685029eb944d5393an/a Gh0stRAT
2025-10-171.exeexe f26c192f693fda7e841ec126feec2a0394a855b144877846715da1d83ddbdfebVirustotal results 73.61% Gh0stRAT
2025-09-141.exeexe 5926b167cc4cd9f67d5e57dfeda355c30e5e1efed736a840d86e27589da310fan/a Gh0stRAT
2025-09-131.exeexe 700e5fd21cde45f04e205461c3424957985ce20dee95e9d552672e8c883d462cn/a Gh0stRAT
2025-09-101.exeexe eaa910dd94852f8950bf638a34817668f6968a988e802f3540a71ca873d9f595n/a Expiro
2025-09-091.exeexe 26b8e9af3705ca4bb7b6dad61114543c3f627831c957d0e2d15387f67919b3e0n/a
2025-09-051.exeexe cebf6f71405927552ad2f5062d9b8fb04fe835995a6a28d8c4e9cb81b01c9b74n/a Gh0stRAT
2025-09-051.exeexe 36653c216eb9cb306643e7be2d00308b442ea0437ec4aef85119ac96af77dc8an/a Gh0stRAT
2025-09-021.exeexe 331ef7552e9e9aa60e4e3259e3d18b72da5b3b6afb8a2910f7641fd03a0efb00n/a Gh0stRAT
2025-08-311.exeexe 2c13fe8e5c53c8295a23a1aa05b0b2a4fca360b8cc4588c29c789abdad230823n/a Worm.Ramnit
2025-08-281.exeexe f886ab1ac07a194c1e7891273f65d51080c7d0ec1cd9e915fe5e4bdbddc7ac5en/a Gh0stRAT
2025-08-281.exeexe a2fb7eee1d8c73da7a21cd27cf7f7dae403cedcb09152bed1d80040ca29f25f9n/a Gh0stRAT
2025-08-271.exeexe 45da2626e225585982d6562795d32ceea2b4a3f3bdc54d1ae21834da16eed99en/a Expiro
2025-08-261.exeexe 4e61c39cf5f38a3b42274812099783339fd4bd5cd832fef54f6ce55e211a6231n/aGh0stRAT
2025-08-221.exeexe 5a8f056aa16cbc0c4279c2c69484382e210bc976d716c4c520211911643109b2n/a Expiro
2025-08-221.exeexe c8e9154fec908a53726ff46b273be49e607848f721c200f570ddce7db1ce90b3n/aGh0stRAT
2025-08-211.exeexe ccf845d5b347b2cfba441f46c9e332e92b8058c5c78bb34d62c8b782b53099b4n/a Expiro
2025-08-201.exeexe ccd2c7e01260f822af43e7f2e86a561b316265b0ab6f2e742de135be034c2bdbVirustotal results 70.83%Gh0stRAT
2025-08-191.exeexe ec80d93aaecba6635daf4734636037ae94989405a3821e83693dd9e00ac0959cn/a Expiro
2025-08-181.exeexe 28382c4f124fb6b6c6b221fc9d6762da769ffca15dbe6f4686459abbf4475f42n/aGh0stRAT
2025-08-151.exeexe 59b9380e679c962231a56bafcc34adf7b32e4283a9647c01a515ff7892674fadVirustotal results 76.39% Expiro
2025-08-141.exeexe 1fe91889a5e0ad1b8d5bac890e368ae766dae2ea403eb9ddda3b979ed11de3bcVirustotal results 76.39% Expiro
2025-08-121.exeexe 31f4751199f4a25e388089397cf745d8f25a82eeb04e3c67a950013c4124bef4Virustotal results 76.39% Expiro
2025-08-091.exeexe 8c4ef251ea997f6c7345a40deb53b60c3f57bc82658d8f006eed2f6f46bfdeden/a Expiro
2025-08-071.exeexe 654b3e412589ea4fc5e68d78823c0472852aa75824e8a243bdffe8a4ea2fd231Virustotal results 75.00% Expiro
2025-08-071.exeexe 02cc819b0a609a0251c5183dda98143a08bec5f182f6c90b51ed072e7fb06862n/a Expiro
2025-08-061.exeexe 27f73cc9ac8e885afbafd23616f243f471eee6f6ce54960eb2f7fad15d70ece3n/a Expiro
2025-08-061.exeexe f94fbdb119333050cde20ebb4927eb59b4dfe2007b6536fba7d96e9458e131f5Virustotal results 67.61%Gh0stRAT
2025-08-061.exeexe 959b2730733cbdf318af517c330cf36c00c35aced596cc91af84d610dbe45c8aVirustotal results 75.00%Expiro