URLhaus Database

You are currently viewing the URLhaus database entry for http://closhlab.com/bQh2tz4/, which is being or has been used to serve malware. Note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry


ID: 88902
URL: http://closhlab.com/bQh2tz4/
URL Status: Offline
Host: closhlab.com
Date added: 2018-12-04 14:30:11 UTC
Threat: Malware download
Google Safe Browsing: Clean
Spamhaus DBL: Not listed
SURBL: Not listed
Reporter: @abuse_ch
Abuse complaint sent: Yes (2018-12-04 14:32:03 UTC to ip-admin{at}coloquest[dot]com)
Takedown time: 13 hours, 58 minutes (Good)
Tags: emotet, exe, heodo

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
