MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d1b85d7670f9d954c9fa4301e00d42652b28d28f086a057b66368b5e6a4a15ef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	d1b85d7670f9d954c9fa4301e00d42652b28d28f086a057b66368b5e6a4a15ef
SHA3-384 hash:	0de16b0046caa5af510e91217913b375f59e7e6a63b21fb38af1aac1e36642fdb358c0229c3e4c3c77655e1c38eaf440
SHA1 hash:	002f8092202f192c5c97273a7abc1db2ab8d13ee
MD5 hash:	3b0dd37195f6b612b71feac2bb50ad69
humanhash:	fish-robin-fanta-hotel
File name:	s.dot
Download:	download sample
File size:	8'828 bytes
First seen:	2021-07-02 11:48:44 UTC
Last seen:	Never
File type:	unknown
MIME type:	application/octet-stream
ssdeep	96:821kJ6/ez9ownzf+oBftaxuExyqQ3QKRTTjrwR2QasBKWb01ZAOZhvUeV/Ae4n3L:8t69wnzfffEYEx6rwR2WDI1ZXbxPA86H
TLSH	2F02F6ACDBA3039CDFAAB3B446351C8C4669735CC390461A353CB7B13B87D2A8B12874
Reporter	info_sec_ca
Tags:	CVE-2017-11882 dot

Intelligence

File Origin

# of uploads :

1

# of downloads :

76

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Spam-473.UNOFFICIAL

Sanesecurity.Malware.27333.RtfHeur.BadVer.UNOFFICIAL

SecuriteInfo.com.FakeRTF-1.UNOFFICIAL

Sanesecurity.Malware.26244.RtfHeur.UNOFFICIAL

MiscreantPunch.RTF.EvilRTF.CVE-2017-0199-Obfus.UNOFFICIAL

TwinWave.EvilDoc.RTFFakeVersionWithObjUpdateUKSurfMix.20200514.UNOFFICIAL

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/d1b85d7670f9d954c9fa4301e00d42652b28d28f086a057b66368b5e6a4a15ef

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d1b85d7670f9d954c9fa4301e00d42652b28d28f086a057b66368b5e6a4a15ef/

Threat name:

Document-RTF.Exploit.CVE-2017-11882

Status:

Malicious

First seen:

2021-07-02 10:04:23 UTC

AV detection:

21 of 45 (46.67%)

Threat level:

5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.05

Link:

https://yomi.yoroi.company/submissions/d1b85d7670f9d954c9fa4301e00d42652b28d28f086a057b66368b5e6a4a15ef

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

unknown d1b85d7670f9d954c9fa4301e00d42652b28d28f086a057b66368b5e6a4a15ef

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1421937/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample