URLhaus Database

You are currently viewing the URLhaus database entry for https://bncc.ac.th/wp/wp-admin/UPoKJl/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry

You are viewing an historical record

While the URL referenced below has been used by bad actors to spread malware in the past, the malicious content has obviously been removed around 2022-12-20. Hence the the URL / website should no longer represent a threat. As a result, URLhaus considers this record as historical. This database entry has not impact on the reputation of the website / domain nor does it appear in any of our blocklists anymore.

ID:	295249
URL:	https://bncc.ac.th/wp/wp-admin/UPoKJl/
URL Status:	Offline
Host:	bncc.ac.th
Date added:	2020-01-22 22:24:21 UTC
Last online:	2020-01-27 11:XX:XX UTC
Threat:	Malware download
URLhaus blocklist:	Not blocked
Spamhaus DBL :	Not blocked
SURBL :	Not blocked
Quad9 :	Not blocked
AdGuard :	Not blocked
Cloudflare :	Not blocked
dns0.eu :	Not blocked
ProtonDNS :	Not blocked
OpenBLD :	Not blocked
DNS4EU :	Not blocked
Reporter:	Cryptolaemus1
Abuse complaint sent (?):	Yes (2020-01-22 22:26:04 UTC to helpdesk{at}apnic[dot]net)
Takedown time:	4 days, 12 hours, 53 minutes (down since 2020-01-27 11:19:25 UTC)
Tags:	emotet epoch1 exe heodo

Payload delivery

The table below documents all payloads that URLhaus retrieved from this particular URL.

Firstseen	Filename	File Type	Payload (SHA256)	VT	Signature
2020-01-24	8QYZDS.exe	exe	cc5727061923d200aa3f6968f496af153fb5a62567c70513b32140bfebd612b7	19.72%	Heodo
2020-01-24	G4fz76KEuUbCssEx07syG.exe	exe	34ed0a05e8da243f3a2746aa13691f17a16a80ca2cc81dd43c6caf40d375a2ad	21.13%	Heodo
2020-01-24	4jE.exe	exe	2d65bbf065092add7bf70c5ef9e2c6e738fe3e650ab3d28206fb09f86f7d5a8a	11.11%
2020-01-24	b4bXjZxp1OOrrrQ.exe	exe	dc77cb100d65759509ae836a8cbd0dd38a2d5441b75239f533d3636b4803e6c4	11.11%
2020-01-24	DQMOAnK83xKJHv0u4WIna.exe	exe	a56927291509ded622b9b25711cb8c89e1d22813876405963862ac1863db594f	8.33%
2020-01-24	bCP.exe	exe	019fa699989362613b4da1d6bfaa764931a0295ea04425ef94a2266ff04e9dd1	9.72%
2020-01-24	2cuy25NRaJ.exe	exe	64c6906143bdf4b6bc3b35778febf9e98bd48a84388fe76d71cfe1630a2e0025	n/a
2020-01-24	8VvgrwQJVT7t.exe	exe	1c4761e5afa0b5fb18e4ef0651461bf98cf30228470708561ce105d9072ff2fc	8.45%
2020-01-24	0RYgFr6Ihjf7O.exe	exe	857b68eaeea655297c379866b3ffc2cb48ee682c8bd5f68be6af49ba646df1e5	18.06%	Heodo
2020-01-24	edRY14ZQ0.exe	exe	c8e0e2d622df86b270c6b36db2863f8702ff8887bc8e19eb5e885f2aa5a4c8fc	12.50%	Heodo
2020-01-24	s2kgBkj0u9MBee6R.exe	exe	da3f4832045ac4368e165ad256ff7b37f9c6d5c881f98bea4c4bfd2eebff930d	11.11%	Heodo
2020-01-24	ZOmaVakJyLvUj.exe	exe	7cf0e31244298fcf081de61aa313495fff95508e707e6f97363524c00de91018	9.59%	Heodo
2020-01-24	TmQ2CeG4kuvo6J3MO.exe	exe	d3dc5867ca79686533e00f5bba12003dff10d96620194ac6cbf37ce9daa609cc	16.67%	Heodo
2020-01-24	Y8Ui0mbiS0Dbfhj.exe	exe	3c22fe8116cd980272784b7080581558736ee1bcd7ec0a1bb7914d5a46e85cf1	13.89%	Heodo
2020-01-24	oIluGUTrODvkbruad.exe	exe	2b8c98b714ee871a1f2c4e0e09646f03434bf1c3782cd2f2283f2b2aa487976c	n/a	Heodo
2020-01-24	ViD.exe	exe	7b466af5dba03442ba718d7cb296f7a87a341505fc3afac840725b766137f83c	21.13%	Heodo
2020-01-24	ymDPIOxOmjz.exe	exe	9ffc072543d89b264b34685f467ca45e8d24f5785de40d2720efbbe41a67f591	16.90%	Heodo
2020-01-24	wD9VNGY.exe	exe	f9c38c5741404297ba115b016b70760c103686a48ab7b3d6976033c467a7c490	12.68%	Heodo
2020-01-24	czy.exe	exe	27b46f966716446ec899e90721a931f0ad0a27532e6a0b48b8266484c1c626d1	11.11%	Heodo
2020-01-23	2m4rDK1ckBkrrnCL7Wte.exe	exe	c9c649f7391af1d3eb5627d0c4a27fb4722923298b3b8991668a3cbb44f99d71	10.96%	Heodo
2020-01-23	aOUKysYuCszTJ2pYef1hA.exe	exe	758a2d27fd39396cf3322ebd4bf4779b9d3e2f9f417b337e51a7d145be0e7431	14.71%	Heodo
2020-01-23	tHz.exe	exe	658b4e0b7d82899a70260249913b9246aebe577406812e59d4458951239a5be2	8.57%	Heodo
2020-01-23	g0mAEA2moh9t.exe	exe	158bd5999ff584742fe7065e0fb644ce668091502ebaf45ee3db33f271520eb7	12.68%	Heodo
2020-01-23	qEFcvyupMbr.exe	exe	bccf8e485f1a83a1d2b87ccbfe3f2aea91c11c8758acb105e34902f6773d8f71	n/a	Heodo
2020-01-23	I0DoCrBkUNOz9HiNA0z.exe	exe	898cb82c3751f69c8e2419028393ebf651549d6175c04672e8bd68df665dafd6	8.22%	Heodo
2020-01-23	3c7JXbjZgcm6MJP.exe	exe	22eed4b56b77cba7ac6f97625acc062a74d3e6fd6ff1a87ed53aa775851ff6d8	n/a	Heodo
2020-01-23	z8p.exe	exe	64d9b96d8fd7de025345370161c3264ad049ddc135597df2aa748255c68af8cc	9.59%	Heodo
2020-01-23	EnkQ.exe	exe	b9579fb95e3a03df8c5a5ba5b8aa6bdeb750e2ae491d7814d9c2c9be5d978310	8.57%	Heodo
2020-01-23	qywLyvG.exe	exe	8e90bfc4d5f70fb4d1376f8c6f09cd07cb1f37d7e73b85be687d889efdf64f02	7.14%	Heodo
2020-01-23	dcmX48R8nccw.exe	exe	265f11b80d72934b36d4bdfe126d2c6f3035aad3b7e68a1e7b5235e21390500a	n/a	Heodo
2020-01-23	WWQ0ydAshT.exe	exe	0a64552d8103f62956fdb5ebdcc1b9f35b9353ffe7c94a87e5b896c341c2f8a2	n/a	Heodo
2020-01-23	c7yVfhyAQwyhB.exe	exe	4608149d718a6ba91106426adbacc86bc5d26d046dc79ee20753afe943a5832a	11.11%	Heodo
2020-01-23	e0H8HDDrAsj1Kc4pS3W.exe	exe	217c032829e8b0ab678f75e777722b31c5a1bccaf20ca82662b019485b00d88c	16.90%	Heodo
2020-01-23	vAzGQwoAx5UoQmI.exe	exe	2412cf9507b0619f9502726f00f82e1f4e84799118a592886f36a44c62b3ab0e	17.81%	Heodo
2020-01-23	i0rbUvR4sjM0o83.exe	exe	c468d20d33fcd71566abc7323dd57bfca3c181c233623d2e910b63570ca7355a	n/a	Heodo
2020-01-23	vecR7zu.exe	exe	76afbce49136d835340c461fb890f3af4b83a42373bcbbc412c20fb8f0e86552	16.44%	Heodo
2020-01-23	vuX3B1NzKif.exe	exe	b088762f2b03d43d7ff932de0e7203f910f8e1ffed3e0530ecbbb243608d738e	22.54%
2020-01-23	42e1j1rOs4McxD.exe	exe	6ee29944559cb72f37c55019ebc5982075c993606141668f38a7709a760bffcc	n/a	Heodo
2020-01-23	hinRFjMtBLMO3gs.exe	exe	0c3f8917cd46aa45861cfcd51c29ec0a9bac17f74522ad29c2e56246b07e65c7	12.68%	Heodo
2020-01-23	MjCoKXHvIdrqTuo.exe	exe	48e9c25291a0d30e03574044a63e1bb17d92aa1a2c2d5ba7be64872c41452273	n/a	Heodo
2020-01-23	Ompg6imCKjMO0cbccv9.exe	exe	2237337bbeec02180c31a435f1a4221f1101b7c40bd1f028448c536c27b3b438	n/a	Heodo
2020-01-22	fu9pKybX9DxV.exe	exe	1078b3921de294b8f7deff36b11f2806a0bc60cb4714b3b15035bc6c7867c367	n/a	Heodo
2020-01-22	fyMlsFw.exe	exe	5493ca7d1811754f9269d42be4134a16200280041bc2d952378cc9fe9755fe38	8.33%	Heodo