MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bbe5d2a4665bfdd0401c948dcffc77559fc6afdb6e34ba1992163d4de827208b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bbe5d2a4665bfdd0401c948dcffc77559fc6afdb6e34ba1992163d4de827208b
SHA3-384 hash: 46ebe158be570fede7fe9fdcf19ab42482b3021f53d4819e14f1f8dca464c089222d5c85fecff7d6a8b26ed3b64180fe
SHA1 hash: 69b1d98e9a308e13f0abbade37bad51bad0f161e
MD5 hash: 6e1b85f5f079e205c4e1b430018c7dc0
humanhash: east-glucose-steak-mockingbird
File name:SecuriteInfo.com.Exploit.Rtf.CVE2012-0158.22236.17719
Download: download sample
File size:235'287 bytes
First seen:2020-05-18 20:37:25 UTC
Last seen:2020-05-19 09:11:58 UTC
File type:Rich Text Format (RTF) rtf
MIME type:text/rtf
ssdeep 768:lgKfAhB02+srqnjXRG0szipqwm+ea6T1cmd5:lGhXzCBG0szipqwm+ea6xDd5
TLSH 7134608C1C27738CB7F50D18A62470005A3DEE6DC7B4BE92D886F5A2C9E34C996774DA
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
2
# of downloads :
98
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Exploit.Rtf.CVE2012-0158.22236.17719.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Document-Word.Exploit.CVE-2017-11882
Create hunting rule
Status:
Malicious
First seen:
2020-05-18 14:06:25 UTC
File Type:
Document
Extracted files:
18
AV detection:
21 of 47 (44.68%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-ajjfa5bw8e/
Behaviour
Launches Equation Editor
Modifies Internet Explorer settings
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Checks processor information in registry
Enumerates system info in registry
Office loads VBA resources, possible macro or embedded object present
Drops file in Windows directory
Use of msiexec (install) with remote resource
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments


Avatar
Manuel commented on 2020-05-19 09:13:54 UTC

http://redflagalgerie.com/admin/drylotsint.msi