URLhaus Database

You are currently viewing the URLhaus database entry for http://farschid.de/verkaufsberater_service/3CxMQ4uaxy/?i=1, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 2119353
URL: http://farschid.de/verkaufsberater_service/3CxMQ4uaxy/?i=1
URL Status: Online (spreading malware for 3 years, 8 months, 13 days, 16 hours, 7 minutes)
Host: farschid.de
Date added: 2022-03-29 13:52:05 UTC
Threat: Malware download
URLhaus blocklist: Blocked
Spamhaus DBL: Abused domain (malware)
SURBL: Blocked
Quad9: Blocked
AdGuard: Blocked
Cloudflare: Blocked
dns0.eu: Not blocked
ProtonDNS: Blocked
OpenBLD: Blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2022-03-29 13:53:06 UTC to abuse{at}strato[dot]de)
Tags: doc, emotet, epoch4, heodo, SilentBuilder

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
