URLhaus Database

You are currently viewing the URLhaus database entry for http://178.16.54.200/files/5900855435/YXJ9Hvg.exe, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 3617815
URL: http://178.16.54.200/files/5900855435/YXJ9Hvg.exe
URL Status: Offline
Host: 178.16.54.200
Date added: 2025-09-05 14:56:09 UTC
Last online: 2025-09-19 21:XX:XX UTC
Threat: Malware download
Reporter: c2hunter
Abuse complaint sent: Yes (2025-09-05 14:57:12 UTC to abuse{at}metaspinner[dot]net)
Takedown time: 14 days, 6 hours, 8 minutes, Bad (down since 2025-09-19 21:06:02 UTC)
Tags: c2-monitor-auto, dropped-by-amadey, LummaStealer

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

| First seen | Filename | File Type | Payload (SHA256) | VT | Bazaar | Signature |
|---|---|---|---|---|---|---|
| 2025-09-15 | YXJ9Hvg.exe | exe | 85333900ee48425c1e50979e3f7ae10fe7cf4299db408cda48846d5e8bf09d10 | Virustotal results 44.44% | | LummaStealer |
| 2025-09-14 | YXJ9Hvg.exe | exe | 90f8c56f4ce33d86a6096e1c9bbda0e83718e44233410a376bd4fbf5f9946aae | Virustotal results 56.34% | | LummaStealer |
| 2025-09-12 | YXJ9Hvg.exe | exe | baa3b74c93fa2cfb0f1d659e4a014bff80e4d653d98ebedad852dbd0145ecb13 | Virustotal results 54.17% | | LummaStealer |
| 2025-09-06 | YXJ9Hvg.exe | exe | 6010fce772793e35168d6216a5127bcbbd68829b0d80ea7bb5e7289c0ddd0643 | Virustotal results 44.44% | | LummaStealer |
| 2025-09-05 | YXJ9Hvg.exe | exe | 97b252e5f69334d194b770cf4a5d6839e0538f2942dbeb88170190751bf72482 | Virustotal results 77.78% | | LummaStealer |