URLhaus Database

You are currently viewing the URLhaus database entry for http://demo.birgeek.ir/b/yYACSCJ7GOfjnP9G2vp53Mac8u0/?i=1, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry

ID: 1993103
URL: http://demo.birgeek.ir/b/yYACSCJ7GOfjnP9G2vp53Mac8u0/?i=1
URL Status: Offline
Host: demo.birgeek.ir
Date added: 2022-01-20 16:18:04 UTC
Last online: 2022-01-21 11:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Not blocked
ProtonDNS: Not blocked
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2022-01-20 16:19:10 UTC to noc{at}bitcommand[dot]com)
Takedown time: 19 hours, 13 minutes Good (down since 2022-01-21 11:32:33 UTC)
Tags: doc, emotet, epoch4, heodo, SilentBuilder

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.
