URLhaus Database

You are currently viewing the URLhaus database entry for http://dfgjhkllkhuuk.info/load/os1/crz.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry


ID:3866171
URL: http://dfgjhkllkhuuk.info/load/os1/crz.exe
URL Status:Offline
Host: dfgjhkllkhuuk.info
Date added:2026-06-17 08:03:11 UTC
Last online:2026-06-22 16:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Botnet C&C domain
SURBL :Not blocked
Quad9 :Status unknown
AdGuard :Status unknown
Cloudflare :Not blocked
dns0.eu :Status unknown
ProtonDNS :Status unknown
OpenBLD :Blocked
DNS4EU :Not blocked
Reporter: abuse_ch
Abuse complaint sent (?): Yes (2026-06-17 08:04:13 UTC to abusepoc{at}afrinic[dot]net)
Takedown time:5 days, 8 hours, 7 minutes Bad (down since 2026-06-22 16:11:27 UTC)
Tags:exe opendir RemusStealer

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2026-06-18crz.exeexe ed3a90d8c8872b2eef99c9b76d941ebef4f47a36bb15f2f8b08bcaa3a432c43dn/aRemusStealer
2026-06-17crz.exeexe 2e2544644c43e065078d1e9419123c1433aa418a1b5539804374c41f5d99433en/aRemusStealer
2026-06-17crz.exeexe 0d2c8871c86d3a73dacf7972b12378bf719d8dbcc0df63463227cbb4bff9b44cn/aRemusStealer