URLhaus Database

You are currently viewing the URLhaus database entry for http://old.liceum9.ru/images/GU1MZ5T1/?i=1, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 1985853
URL: http://old.liceum9.ru/images/GU1MZ5T1/?i=1
URL Status: Offline
Host: old.liceum9.ru
Date added: 2022-01-18 08:41:04 UTC
Last online: 2022-01-24 05:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Not blocked
ProtonDNS: Not blocked
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2022-01-18 08:42:44 UTC to abuse{at}rightside[dot]ru)
Takedown time: 5 days, 21 hours, 12 minutes (Bad; down since 2022-01-24 05:55:35 UTC)
Tags: doc, emotet, epoch4, heodo, SilentBuilder

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
