Malicious RTF — malware analysis report

Static analysis result for SHA-256 5a3697a600c0eaaa…

MALICIOUS

RTF

Size: 8.7 KB
Authoring application: Msftedit 5.41.21.2509
MD5: 46c95699b12cde8d458c756b4ec2d7bb
SHA-1: a19653be6631c1274c9f83ee44283d801a628535
SHA-256: 5a3697a600c0eaaadbd46efabc66a203483d984ab8a6bd5faab86073a9903f8a
Risk Score: 140

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1203 Exploitation for Client Execution

The RTF file contains an embedded OLE object, specifically a package object, which is a strong indicator of malicious intent. ClamAV also detected the Eicar-Test-Signature, confirming the presence of known malicious content. The embedded object is the primary artifact suggesting an attack pattern.

Heuristics (4)

  • ClamAV: Eicar-Test-Signature [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Eicar-Test-Signature
  • Package object class [high, RTF_OBJCLASS_PACKAGE]
    OLE Package object — can wrap arbitrary files
  • OLE object data [medium, RTF_OBJDATA]
    RTF contains 1 \objdata section(s) — embedded OLE objects
  • Embedded OLE object [medium, RTF_OBJEMB]
    RTF contains \objemb — embedded OLE object

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: objdata_00_off00000123.bin
SHA-256: 907c36cb6a868cf754eca494cc2cbfed7e40f34b22136147d8dd5bc09b4ed0cd
Kind: rtf-objdata-decoded
Source: RTF \objdata at offset 0x123
Size: 437 bytes