URLhaus Database

You are currently viewing the URLhaus database entry for http://185.189.58.222/da.exe, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 4100
URL: http://185.189.58.222/da.exe
URL Status: Offline
Host: 185.189.58.222
Date added: 2018-04-10 05:21:28 UTC
Threat: Malware download
Google Safe Browsing: Clean
Spamhaus DBL: Unknown
SURBL: Not listed
Reporter: @abuse_ch
Abuse complaint sent: No
Tags: exe, Ransomware.GandCrab

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen | Filename | File Type | Payload (SHA256) | VT | Signature
2018-04-14 | n/a | exe | 6d1e7233c698c47c231e7d89500ddca5dc7a2efb12611395848ea024c01f6e57 | Virustotal results 30 / 65 (46.15) | Ransomware.GandCrab
2018-04-13 | n/a | exe | 93aac54d061ef795aa4cf2071b45a6b6164e227b40bd4e6cd8a2f290dcf58357 | Virustotal results 36 / 66 (54.55) | Ransomware.GandCrab
2018-04-12 | n/a | exe | 7b09bb0b1c6c22ea4d8f411a66995839cb1d295e158ac049b99e91827780e5ca | n/a | Ransomware.GandCrab
2018-04-12 | n/a | exe | 8c8d7bd6ae0bb0e46c7f359b00a75e8937a0654812a16b01efe21a088d71f970 | Virustotal results 23 / 67 (34.33) | Ransomware.GandCrab
2018-04-11 | n/a | exe | 9df5a12aad42c50f533facdc66bd9416b015983f2623a3b292ee5cc315fa7068 | Virustotal results 22 / 66 (33.33) | Ransomware.GandCrab
2018-04-10 | n/a | exe | a8c4a89f2dd8c43f29f336cbd9af2a1cee3f9309c54de20ac86730feb127f667 | Virustotal results 17 / 67 (25.37) | Ransomware.GandCrab
2018-04-10 | n/a | exe | a308afc077da522c34499d172c1fca10b35c19812483477890c1c2bb8a04dd77 | Virustotal results 22 / 68 (32.35) | Ransomware.GandCrab