RTF malware analysis — malicious · 5c03258686979639

MALICIOUS

RTF

35.1 KB Created: 2021-05-20 03:02:00

MD5: 8114a8100bd38a703ca6f2e5cf04f030 SHA-1: c4a5fd22a1d1ad20bde0bd25d3b4b137dbbc9f2c SHA-256: 5c0325868697963998b2c486a42801f44c0243dcf7b5d977f68030f70391dde3

62 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The RTF document exhibits characteristics of an advance-fee scam, impersonating the IMF to solicit a response from the beneficiary. It directs the user to contact a specific individual at the South African Reserve Bank via phone or email to finalize a fraudulent money transfer, using a provided reference number.

Heuristics 3

Advance-fee lottery/parcel scam lure high SE_ADVANCE_FEE_SCAM_LURE

Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
Callback phishing phone lure medium SE_CALLBACK_LURE

Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) documents that carry no urgency or charge/dispute escalation.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://schemas.microsoft.com/office/word/2003/wo

Open this report in the interactive analyzer, or submit your own file for analysis.