MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ae2efbe76221bfb63f5e03ccc86b36470fd35ae67a859c7232802acc9f373d7e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	ae2efbe76221bfb63f5e03ccc86b36470fd35ae67a859c7232802acc9f373d7e
SHA3-384 hash:	37a56cb5cbd268d217f99eea92447f471f88f36d9f21051ac835474e2ecc438419e763c4b108ca62e00c033789724786
SHA1 hash:	c480935f51314c306a101a1307895f1a3d9183d2
MD5 hash:	562d429223703b6f8edfe68bcbf76ff5
humanhash:	summer-london-kilo-salami
File name:	document.wbk
Download:	download sample
File size:	10'548 bytes
First seen:	2021-07-08 12:15:06 UTC
Last seen:	Never
File type:
MIME type:	text/plain
ssdeep	192:rsLsGY4za9Y3+cS/0l/g6NhfL0Y+gkCrnL9IaJLwWuydrhW:A+8a/2/7NLQCrLldhhW
TLSH	T143221AADF187429DCFCE7324251A19CD1668772CF3C0B09578BCA3303B26A569A16CB4
Reporter	info_sec_ca
Tags:	CVE-2017-11882 wbk

Intelligence

File Origin

# of uploads :

1

# of downloads :

95

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Spam-473.UNOFFICIAL

Sanesecurity.Malware.27333.RtfHeur.BadVer.UNOFFICIAL

SecuriteInfo.com.FakeRTF-1.UNOFFICIAL

Sanesecurity.Malware.26244.RtfHeur.UNOFFICIAL

MiscreantPunch.RTF.EvilRTF.CVE-2017-0199-Obfus.UNOFFICIAL

TwinWave.EvilDoc.RTFFakeVersionWithObjUpdateUKSurfMix.20200514.UNOFFICIAL

Result

Verdict:

MALICIOUS

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ae2efbe76221bfb63f5e03ccc86b36470fd35ae67a859c7232802acc9f373d7e/

Threat name:

Document-RTF.Exploit.CVE-2017-11882

Status:

Malicious

First seen:

2021-07-05 15:57:01 UTC

AV detection:

26 of 45 (57.78%)

Threat level:

5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Lokibot

Score:

0.90

Link:

https://yomi.yoroi.company/submissions/ae2efbe76221bfb63f5e03ccc86b36470fd35ae67a859c7232802acc9f373d7e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ae2efbe76221bfb63f5e03ccc86b36470fd35ae67a859c7232802acc9f373d7e

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1436105/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample