URLhaus Database

You are currently viewing the URLhaus database entry for http://23.249.161.109/caremen/vbsb.exe, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry

ID: 65545
URL: http://23.249.161.109/caremen/vbsb.exe
URL Status: Offline
Host: 23.249.161.109
Date added: 2018-10-06 23:54:04 UTC
Threat: Malware download
Google Safe Browsing: Clean
Spamhaus DBL: Unknown
SURBL: Not listed
Reporter: @zbetcheckin
Abuse complaint sent: Yes (2018-10-06 23:56:02 UTC to support{at}vpsace[dot]com)
Takedown time: 18 days, 17 hours, 54 minutes (Bad)
Tags: exe RemcosRAT link

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

First seen | Filename | File Type | Payload (SHA256) | VT | Signature
2018-10-25 | n/a | exe | 46d25a38bd44ec3b431d80896c77d570f91eea25d6128f4167572cdbac69a356 | n/a | RemcosRAT
2018-10-17 | n/a | exe | 4c4e7aeae72884954ca412e51e3c0abca8ec41007d9d4d1e13a775cb14d3049e | n/a | RemcosRAT
2018-10-09 | n/a | exe | 64a6c4d3e3a07c6683b6277229436b01b39e010cd56832b28fe51a70901139ca | n/a | RemcosRAT
2018-10-08 | n/a | exe | b29808c51097c4812a4b09fa7ed0f8aa71c7537397f68d7c441dd43bae77f782 | n/a | RemcosRAT
2018-10-06 | n/a | exe | 4e4717e9c98e4ef90e5240273be88617cdc60c43174171785db52ea9fbb00a4e | Virustotal results 35.29% | RemcosRAT