URLhaus Database

You are currently viewing the URLhaus database entry for http://178.16.55.189/files/8434554557/yfUrA3L.exe, which is being or has been used to serve malware. Note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 3630973
URL: http://178.16.55.189/files/8434554557/yfUrA3L.exe
URL Status: Offline
Host: 178.16.55.189
Date added: 2025-09-24 12:32:08 UTC
Last online: 2025-10-05 14:XX:XX UTC
Threat: Malware download
Reporter: c2hunter
Abuse complaint sent: Yes (2025-09-24 12:33:09 UTC to abuse{at}metaspinner[dot]net)
Takedown time: 11 days, 2 hours, 22 minutes; rated Bad (down since 2025-10-05 14:55:23 UTC)
Tags: c2-monitor-auto, dropped-by-amadey, PureLogsStealer

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen | Filename | File Type | Payload (SHA256) | VT | Bazaar | Signature
2025-10-05 | yfUrA3L.exe | exe | 217f193c08ad80f6cc405608b6f67a5ce7e0c4074e5c2d4be6e758b7694337b5 | 25.00% | | PureLogsStealer
2025-10-03 | yfUrA3L.exe | exe | 942c8369d6fb52e184622d28061bfd09e9b303127038517724e57414bb20d0ee | 25.00% | | PureLogsStealer
2025-09-29 | yfUrA3L.exe | exe | 602d5c38320b020a7608dd6bbb672d80284d3b34e1b799b284df6ecb28de93fd | n/a | | PureLogsStealer
2025-09-27 | yfUrA3L.exe | exe | 0782b33182342073176b47d4b0185996819b1342d574b5bc86c7ba81e2b28c5a | 18.06% | | PureLogsStealer
2025-09-26 | yfUrA3L.exe | exe | 52c49ac9da8e15e504b82a11bf733adcdbf6faca3f4029ff881b8e5d5d915526 | 41.67% | | PureLogsStealer
2025-09-24 | yfUrA3L.exe | exe | 6d2944f334acc2722e643ad9742a081314ff2bd8c4b71ddf5561636dc3e83377 | 45.83% | | PureLogsStealer