Malicious RTF / .BAT — malware analysis report

Static analysis result for SHA-256 ad8f173e74f166ba…

MALICIOUS

RTF / .BAT

Size: 512 B
Authoring application: Msftedit 5.41.21.2509
MD5: 618b428cd026d8f0f37dc9ef930b217b
SHA-1: 00ff81a33621f9bb98b3273fb9f992705d26bd41
SHA-256: ad8f173e74f166ba42c89219403db601c5b0e34d04b490096cbf2b4d42b5d932
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1059.003 Command and Scripting Interpreter: Windows Command Shell

The sample is an RTF file that contains a batch script. The script's primary function appears to be renaming the existing executables in its directory to 'V<original_name>' and hiding them by setting the '+h' (hidden) attribute. It then copies itself into the same directory and renames the copy with an executable extension, potentially to masquerade as a legitimate program or to facilitate further execution. The ClamAV heuristic additionally flags the file as a legacy trojan.

Heuristics (1)

  • ClamAV: Legacy.Trojan.Trojan-92 (severity: critical, tag: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Legacy.Trojan.Trojan-92