URLhaus Database

You are currently viewing the URLhaus database entry for http://electroyas.ir/wordpress/xcP9DqOZ1/?i=1, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 2120154
URL: http://electroyas.ir/wordpress/xcP9DqOZ1/?i=1
URL Status: Offline
Host: electroyas.ir
Date added: 2022-03-29 17:39:05 UTC
Last online: 2023-01-21 12:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Status unknown
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Status unknown
ProtonDNS: Status unknown
OpenBLD: Not blocked
DNS4EU: Not blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2022-03-29 17:40:06 UTC to abuse{at}hetzner[dot]com)
Takedown time: 9 months, 27 days, 19 hours, 1 minutes Bad (down since 2023-01-21 12:41:49 UTC)
Tags: doc, emotet, epoch4, heodo, SilentBuilder

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
