URLhaus Database

You are currently viewing the URLhaus database entry for http://84.38.130.164/bin/system.exe which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry


ID:5320
URL:http://84.38.130.164/bin/system.exe
URL Status:Offline
Host:84.38.130.164
Date added:2018-04-15 06:48:36 UTC
Threat:Malware download Malware download
Google Safe Browsing:Clean
Spamhaus DBL:Unknown
SURBL:Not listed
Reporter:@abuse_ch
Abuse complaint sent (?):No
Tags:exe JBifrost NetWire rat

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTSignature
2018-04-20n/aexec43702e0fa0c39b0a5a941c9e8e98f392db9684d080ee0e9005e2c44b093d1b0Virustotal results 8 / 58 (13.79)JBifrost
2018-04-18n/aexe74fd0908189657d6bf6b614563901960dd89d3d3b376884f1a8cc42a23544faeVirustotal results 27 / 67 (40.30)JBifrost
2018-04-16n/aexe02088be947e95717f4301561338f8cb41ffc23772ec04932eacc4f89a405cf6dVirustotal results 10 / 68 (14.71)JBifrost
2018-04-15n/aexee66c5a4744a0adbb4f7989a5ac022269e731f9d78a0b7428cbb914b44785a1a0Virustotal results 41 / 67 (61.19)NetWire