URLhaus Database

You are currently viewing the URLhaus database entry for http://wa-producoes.com.br/4m5Lb0xKdUs9N49_eln5oEXK/, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 115571
URL: http://wa-producoes.com.br/4m5Lb0xKdUs9N49_eln5oEXK/
URL Status: Offline
Host: wa-producoes.com.br
Date added: 2019-02-01 21:08:12 UTC
Threat: Malware download
Google Safe Browsing: Clean
Spamhaus DBL: Not listed
SURBL: Not listed
Reporter: @Cryptolaemus1
Abuse complaint sent: Yes (2019-02-01 21:10:04 UTC to abuse{at}unifiedlayer[dot]com, ipadmin{at}websitewelcome[dot]com, abuse{at}hostgator[dot]com)
Takedown time: 6 hours, 14 minutes (Good)
Tags: emotet, epoch2, exe, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

| First seen | Filename | File type | Payload (SHA256) | VirusTotal results | Signature |
|---|---|---|---|---|---|
| 2019-02-02 | jD39B.exe | exe | e6507bcd7520457d8bde704f74814dd242f3c254eb257b7c68e663fbfc635b99 | 15 / 68 (22.06) | Heodo |
| 2019-02-01 | awLHeH67SB8.exe | exe | f391bd4b97026a0a26f0f8fb138894d97c9c4ec74a08590a071ad6586649d143 | 14 / 69 (20.29) | Heodo |
| 2019-02-01 | drMgAyTpipJHHy7.exe | exe | 37266781729865713000e8f3b7b764b885064701568ff11747c16f1ca1c384b2 | 15 / 70 (21.43) | Heodo |
| 2019-02-01 | vGcExzCx1jZX.exe | exe | 4509339437b65f1bea4158ac112d846a6e8ddaed4275666ea1cb3425f0733146 | 15 / 69 (21.74) | Heodo |
| 2019-02-01 | YG9f.exe | exe | 5016ca91e81164beb11cc356f1f621df8b6a2e885eb53ba4815541cad427f60b | 17 / 70 (24.29) | Heodo |
| 2019-02-01 | e4Wxj3dMec2Gh.exe | exe | 6b1b9a38d91d70b7a6563f54a12c9d436de717ca396d3d4766c8e5299ccb384e | n/a | Heodo |