URLhaus Database

You are currently viewing the URLhaus database entry for http://zz.whatsaapp.xyz/kss/76264-8885/?i=1 which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry



Add tag Remove tag Perform URL rescan Delete this URL Report a False Positive
ID:1975220
URL: http://zz.whatsaapp.xyz/kss/76264-8885/?i=1
URL Status:Offline
Host: zz.whatsaapp.xyz
Date added:2022-01-13 23:31:04 UTC
Last online:2022-01-14 08:XX:XX UTC
Threat:Malware download Malware download
URLhaus blocklist:Not blocked
Spamhaus DBL :Not blocked
SURBL :Not blocked
Quad9 :Blocked
AdGuard :Not blocked
Cloudflare :Not blocked
dns0.eu :Not blocked
ProtonDNS :Blocked
OpenBLD :Not blocked
DNS4EU :Blocked
Reporter: sugimu_sec
Abuse complaint sent (?): Yes (2022-01-13 23:32:10 UTC to abuse{at}cloudflare[dot]com)
Takedown time:9 hours, 14 minutes Good (down since 2022-01-14 08:46:56 UTC)
Tags:doc emotet link epoch5 heodo link

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTBazaarSignature
2022-01-14YZKV_0852435.xlsmxlsm e7dff9977a528e887ecaa6aa818a1ddf868d700f6e13078ac53d801c61d4771aVirustotal results 27.87% Heodo
2022-01-1495471-66.xlsmxlsm c94b6907928429e7d56f171d9a379d24c0250086ffbeb2a9da5dde1049fa569fn/a Heodo
2022-01-14YKYD41.xlsmxlsm dc929317cca3b519661820052cd357c4891f7725de37b15637010b5903292a0bn/a Heodo
2022-01-14097055-3863.xlsmxlsm 0766c61d5d861dd6db71ee8f535e5f405f9d7ae80dfc5c83938e000d2b4ba58an/a Heodo
2022-01-1418659115-339554.xlsmxlsm a89097e556d8e582deba3d9f6c471d585cd8ea41cf7e40480f967985ed90e60dn/a 
2022-01-14ZOY-7180.xlsmxlsm 38b84fcdf7e7ed1a95a221a66ebb59bf63847b414da3370144e103a23b9a577an/a Heodo
2022-01-145424-859.xlsmxlsm 992922c0dd74c7f68096c93f4df4d4fb642f1503e40b7b20eef156edebe70839n/aHeodo
2022-01-14GLU-0837184.xlsmxlsm ff585f534b9fcb8f660da3a92bdf92629e9d66cc31aceff6d3cf69be3aa2da60n/a 
2022-01-14476XMEHS_88549.xlsmxlsm be9b720458252f06a6688c838079c24730523961b9242c3a0c76ef5c4c1ac949Virustotal results 26.98% Heodo
2022-01-14WG_05.xlsmxlsm ec237a7588cb70688e3f57edf9ec59126b234f51b996b68000604002a379dc5dn/aHeodo
2022-01-145067226GAQKOHVHQY-1.xlsmxlsm 59ae2ce51e3e9e2d3e412dcf23488aa002acb72d34656606872d00bb4ab0eca3Virustotal results 26.98% 
2022-01-14HRW-2710620.xlsmxlsm 878245ca533c239b7066ce1bb483d8cd42a8d5887954c3e4db00b5a52d46f354n/a 
2022-01-1431283817-98872.xlsmxlsm 296171d1b92b175041ee3829e60a6880b93861ef09614e912d112777fc2fe13aVirustotal results 26.98% Heodo
2022-01-14wtes_5560999.xlsmxlsm cb0d9916b6be6d3b9d52d057b5b8aa3b223284abe331467dea72eca27165a618n/a Heodo
2022-01-14MSZ9013466.xlsmxlsm efe94cedd53de019cc10da7939e5ea9a62de62e66cb917b3d2ffcc8f2fba969dn/a Heodo
2022-01-14TZXK-3103396.xlsmxlsm b8e60cbecfbe9cdc725b0f3fc1524d2004d7a1e7a7aca69e4f7bc0ce89fe2f54Virustotal results 26.23% 
2022-01-14YQ-164.xlsmxlsm d7e424ccc4f316f9abbabc2a3b0bc47b61daf071111fed745056ffc823c541c1n/a Heodo
2022-01-14g-854802.xlsmxlsm 77f9047608db228251671697e703de19448819776d18446a1c5cbae840087e02Virustotal results 25.81% 
2022-01-14ICHS_64070.xlsmxlsm a0a8993ac49af8c9a67d95350e800f6adfbc38b6bfc5a7c213eca23b0b9e5857n/a 
2022-01-14n_5423.xlsmxlsm 620279fcd1238b22b28ff6e4d98f577b33d7dcfe09e7729f6ffd76070cec42e8Virustotal results 25.40% Heodo
2022-01-142960206_4.xlsmxlsm db24f279d1e6ca28783d945c325f1a530ba117171035e72ca275e3bbc0d8bfd2n/a Heodo
2022-01-14205153KSZSMFZZBI_8820.xlsmxlsm 6865b7a1dc0601641ca16e96af174f9dfceb18c137e19db1801def5dccb3b79cn/a 
2022-01-14N-9481383.xlsmxlsm 675e9b8ca552efccc34ac7a2f9fff8ef872d7a5cf5790aca00d33baebff47a87Virustotal results 24.19% 
2022-01-14ZUT_59.xlsmxlsm 81bb7a133cc21a5f209bb293819b5157ff69fb246fd652a40caea0a5d98d90c3n/a Heodo
2022-01-1387ERQSGX_648.xlsmxlsm e50a105ddea8f6a8d4e939cfb72b87b38a7ca408cbbf06301b2955af36c978edVirustotal results 24.19% Heodo
2022-01-1333813_1.xlsmxlsm 88422e6f6a8baaf355add1168faec3c2cf520438933d982dcff40a31f2468a09n/a