URLhaus Database

You are currently viewing the URLhaus database entry for http://closhlab.com/doc/EN_en/Payment-enclosed/ which is being or has been used to serve malware. Please consider that URLhaus does not differentiate between websites that have been compromised by hackers and such that has been setup by cybercriminals for the sole purpose of serving malware.

Database Entry


ID:37661
URL:http://closhlab.com/doc/EN_en/Payment-enclosed/
URL Status:Offline
Host:closhlab.com
Date added:2018-08-01 16:10:33 UTC
Threat:Malware download Malware download
Google Safe Browsing:Clean
Spamhaus DBL:Not listed
SURBL:Not listed
Reporter:@JRoosen
Abuse complaint sent (?): Yes (2018-08-01 16:16:13 UTC to ip-admin{at}coloquest[dot]com)
Tags:doc emotet epoch2 heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

FirstseenFilenameFile TypePayload (SHA256)VTSignature
2018-08-03Money transfer details.docdocd46899f30fd93cde8fd3f79f3197b5c1ed8f8179738657a0f39efbf812a0016dVirustotal results 20 / 59 (33.90)Heodo
2018-08-03Payment details.docdocea3d311668298936d62e05c3ff1230cc26499b145d8652240787107bd3e1a329Virustotal results 20 / 60 (33.33)Heodo
2018-08-02My current address update.docdocbcabbb9211d2a6c94699c2835552d8eaf0901b03568690dd0ecb15440aa617bcVirustotal results 19 / 59 (32.20)
2018-08-02Wire transfer info.docdoc787d923c658f44ec1fb19eb07938a9f09668e2cfdfcdc215f7de9acfcaad9745n/aHeodo
2018-08-02Due balance paid.docdocb17dfa7918f86d1cdff160f8396ee6872082b58f72c8fe2e76069a63ba95f3f6n/aHeodo
2018-08-02Recent money transfer details.docdoc8b05d212425cf34dc52ada11d1323e4376fb5158e674b3a98fc5656d8b2199b5Virustotal results 18 / 61 (29.51)
2018-08-02Payment details.docdocbce744469a681e98b72844d9a7ff53b35d02d99aad66da89f571edf2683f41b6n/aHeodo
2018-08-02Due balance paid.docdoc23905e0bce997f3359df37fae544069ea9134f4d05c8f857fd2d4d6f7aade4fbVirustotal results 19 / 61 (31.15)
2018-08-02New Address.docdoc516405a0b36c408a237020aadc26eeca2d24841ae01b5e0b3de84498d337120eVirustotal results 19 / 59 (32.20)Heodo
2018-08-02Details to update.docdoce34b3ef571441b7b4c3e2fc6fb88b46c440d32504e070e8947db82b526dbe461Virustotal results 20 / 60 (33.33)Heodo
2018-08-02New payment details and address update.docdoc98caae4c8e26c61082a8ef1fd2b9000d42217dc566396c0799a85ca72f3ee2f9Virustotal results 19 / 60 (31.67)Heodo
2018-08-02New Address and payment details.docdocd91aac11e2a28d708ef8ea82b534128e782048b29d98024b35abb665e19a08e1Virustotal results 20 / 57 (35.09)Heodo
2018-08-02My current address update.docdocbfd182fe6d721791e1992b7047deca7592fbd7dd40deecf7a3a2f296bfcc0d39Virustotal results 21 / 61 (34.43)Heodo
2018-08-01Payment enclosed.docdoc2319a95b214b2e31da0df544385bc07f647fa2ebcd2c3207eb6d620f683bbeacVirustotal results 19 / 57 (33.33)Heodo
2018-08-01Due balance paid.docdoca52283014e3277ca3b40a02ed5dd0ef986c5de26aee8b8dc7afb87e69b05d89cVirustotal results 18 / 59 (30.51)Heodo
2018-08-01Change of Address.docdoc10298001d0cf5408d6d28838518888438ca64d5cc545c0aa9de1d0a7dafb2758Virustotal results 19 / 60 (31.67)Heodo
2018-08-01Money transfer details.docdoc207f084b0cc2eb26c4a7c680a886e3f9bd65f45eed695d504743d6bbaafa9856Virustotal results 17 / 60 (28.33)Heodo