Rtf.Dropper.Agent-7159759-0 — RTF malware analysis

Static analysis result for SHA-256 c2ebe50697658729…

MALICIOUS

RTF

Size: 139.3 KB
Created: 2011-04-15 10:34:00
First seen: 2019-11-20
MD5: 3deb2a5fcb6bf1f80a074fd351e6f620
SHA-1: 257b05b4edbbf7788904395927905d02dd5222f7
SHA-256: c2ebe5069765872955adbbd163c42ce60efbbf3a7061dacdcc6a871168f66c18
Risk Score: 62

Malware Insights

Rtf.Dropper.Agent-7159759-0 · confidence 85%

MITRE ATT&CK
  • T1203 Exploitation for Client Execution
  • T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with the signature Rtf.Dropper.Agent-7159759-0, indicating it functions as a dropper. The presence of an embedded URL, though confirmed benign, suggests an attempt to fetch additional content. The RTF structure and dropper behavior point towards exploitation of a client vulnerability to execute a secondary payload, likely delivered via spearphishing.

Heuristics (2)

  • ClamAV: Rtf.Dropper.Agent-7159759-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Rtf.Dropper.Agent-7159759-0
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://schemas.microsoft.com/office (in RTF body)