URLhaus Database

You are currently viewing the URLhaus database entry for http://mandala.mn/update/two.exe, which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 59716
URL: http://mandala.mn/update/two.exe
URL Status: Offline
Host: mandala.mn
Date added: 2018-09-24 13:01:42 UTC
Last online: 2018-10-07 22:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Not blocked
ProtonDNS: Not blocked
OpenBLD: Blocked
DNS4EU: Blocked
Reporter: oppimaniac
Abuse complaint sent: Yes (2018-09-24 13:02:05 UTC to oyunbold{at}datacenter[dot]gov[dot]mn)
Takedown time: 13 days, 9 hours, 37 minutes Bad (down since 2018-10-07 22:39:41 UTC)
Tags: exe Loki link

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

| Firstseen | Filename | File Type | Payload (SHA256) | VT | Bazaar | Signature |
|---|---|---|---|---|---|---|
| 2018-10-05 | n/a | exe | 553ea4d8712c935b9d7053fcb8b0c0f5aa300b31c7e4e5d5f2a52b56bbd026dc | Virustotal results 49.28% | | Loki |
| 2018-10-03 | n/a | exe | 25b9e10774ac3354228380f2cf2e2b7be114e3435a265a3990e9265d51378e5d | Virustotal results 50.72% | | Loki |
| 2018-09-25 | n/a | exe | 6ff5ec7804257d026c76d92f096476a79f89e22317ca5bd5e34dac908235a05e | n/a | | |
| 2018-09-24 | n/a | exe | e9cced0b9ebefdba76a527b00dcb635a37ea0274f5b8038e9eec809bf2a500e0 | n/a | | Loki |
| 2018-09-24 | n/a | exe | b0b44f91f7ca8bb8a9133e21e372aca05be9c2d178bcec5df33a9b5bbc4e25db | Virustotal results 16.42% | | |