Malicious RTF — malware analysis report

Static analysis result for SHA-256 9bdf3861075d10ee…

MALICIOUS

RTF

Size: 15.3 KB
Authoring application: Msftedit 5.41.15.1507
MD5: 69fed27cc596b805b012e5d791b690f6
SHA-1: 570b9737eca50e6e0f32692dac5b7b76504d85a3
SHA-256: 9bdf3861075d10ee2c774061def37d4bfd220d7af67f6a3f3de09530be327998
Risk Score: 80

Malware Insights

MITRE ATT&CK
  • T1559 Component Object Model Hijacking
  • T1559.001 Component Object Model Hijacking: Component Object Model Hijacking

The RTF file contains embedded OLE objects, indicated by the RTF_OBJDATA, RTF_OBJEMB, and RTF_OBJCLASS_PACKAGE heuristics. These objects are commonly used to deliver malicious payloads or exploit vulnerabilities when the document is opened. The specific nature of the payload is not discernible from the static analysis alone.

Heuristics (3)

  • Package object class (severity: high, RTF_OBJCLASS_PACKAGE)
    OLE Package object — can wrap arbitrary files
  • OLE object data (severity: medium, RTF_OBJDATA)
    RTF contains 1 \objdata section(s) — embedded OLE objects
  • Embedded OLE object (severity: medium, RTF_OBJEMB)
    RTF contains \objemb — embedded OLE object

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: objdata_00_off000000e9.bin
SHA-256: ed106d103a9e1c27f5235a38e8e1cc97bd8b64924bd72439f686e9c7a37a1a66
Kind: rtf-objdata-decoded
Source: RTF \objdata at offset 0xE9
Size: 3751 bytes