URLhaus Database

You are currently viewing the URLhaus database entry for http://closhlab.com/3316NR/WIRE/Commercial, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 44348
URL: http://closhlab.com/3316NR/WIRE/Commercial
URL Status: Offline
Host: closhlab.com
Date added: 2018-08-20 08:02:40 UTC
Threat: Malware download
Google Safe Browsing: Clean
Spamhaus DBL: Not listed
SURBL: Not listed
Reporter: @ps66uk
Abuse complaint sent: Yes (2018-09-10 07:40:07 UTC to ip-admin{at}coloquest[dot]com)
Takedown time: 2 days, 5 hours, 39 minutes (Poor)
Tags: doc, emotet, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.

First seen | Filename | File Type | Payload (SHA256) | VT | Signature