URLhaus Database

You are currently viewing the URLhaus database entry for http://closhlab.com/9665SIGGFB/WIRE/US, which is being or has been used to serve malware. Note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 47120
URL: http://closhlab.com/9665SIGGFB/WIRE/US
URL Status: Offline
Host: closhlab.com
Date added: 2018-08-24 08:29:05 UTC
Threat: Malware download
Google Safe Browsing: Clean
Spamhaus DBL: Not listed
SURBL: Not listed
Reporter: @ps66uk
Abuse complaint sent: Yes (2018-09-10 06:10:14 UTC to ip-admin{at}coloquest[dot]com)
Takedown time: 2 days, 3 hours, 15 minutes (Poor)
Tags: doc, emotet, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
