ThreatFox IOC Database

You are viewing the ThreatFox database entry for url https://encalabrino.life/.ssa-auth-connect/scn/reff/ScreenConnect.ClientSetup.exe.

Database Entry


IOC ID: 1838706
IOC: https://encalabrino.life/.ssa-auth-connect/scn/reff/ScreenConnect.ClientSetup.exe
IOC Type: url
Threat Type: payload_delivery
Malware: Unknown RAT
Confidence Level: Confidence level is elevated (75%)
Is compromised?: True
ASN: AS393960 HOST4GEEKS-LLC
Country: US
First seen: 2026-06-28 07:45:51 UTC
Last seen: never
UUID: 036417b7-7279-11f1-97fa-42010aa4000a
Reporter: Decio1
Reward: 5 credits from ThreatFox
Tags: remote-access, ScreenConnect
Reference: https://www.joesandbox.com/analysis/1934563

Decio1
Payload URL delivering ScreenConnect.ClientSetup.exe via a fake Social Security Administration / SSA lure. Initial lure observed at https://dervico.vu/gov/ redirecting to this executable. SHA256: 3a3a545fa6fba486365291f04ea3991937cd862b97858ee67bd8d68a28ac9611. Joe Sandbox analysis 1934563 reports ScreenConnect remote access tool behavior, installation via msiexec, ScreenConnect.ClientService.exe execution and relay configuration. VT: https://www.virustotal.com/gui/file/3a3a545fa6fba486365291f04ea3991937cd862b97858ee67bd8d68a28ac9611/behavior