Malicious RTF — malware analysis report

Static analysis result for SHA-256 c46c650a055486e3…

MALICIOUS

RTF

Size: 336.1 KB    First seen: 2024-08-17
MD5:     664d2199ce137423c6b8fa18d28133dd
SHA-1:   19e3c3836ea9c4e061f7b6f7b02fbcfecc589a70
SHA-256: c46c650a055486e3373f9d7162393234ba86719d4538c010f5c96c3da38e6963
Risk Score: 88

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1027 Obfuscated Files or Information

The document combines an advance-fee scam lure (lottery/beneficiary and bank-draft wording with courier or parcel delivery) and urgency language with instructions for opening a password-protected archive. This is a social-engineering pattern that steers the recipient into decrypting and handling a payload on their own machine, after it has passed mail-gateway scanning in encrypted form. The RTF body also contains heavily obfuscated, technical-looking strings, likely intended to hide embedded content so that it is only decoded when the document is opened. All three heuristics that fired are lure-based; none of them identifies a specific malware family.

Heuristics (3)

  • Advance-fee lottery/parcel scam lure (high) SE_ADVANCE_FEE_SCAM_LURE
    Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is the classic shape of an advance-fee fraud document.
  • Password-protected archive handoff (high) SE_PASSWORD_ARCHIVE_LURE
    Document gives password instructions for an archive or attachment. Attackers use this to keep the payload encrypted while it transits mail gateways and sandboxes that cannot open it, leaving decryption to the user on the endpoint.
  • Urgency / deadline lure (low) SE_URGENCY_LURE
    Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.). Useful context, but low-signal on its own; it only carries weight alongside other findings.
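The three heuristics above are keyword checks over the document's visible text, and for RTF that text first has to be recovered from the control-word syntax: hex-escaped \'hh bytes and \uN sequences are one common form of the "obfuscated strings" the summary mentions, and they defeat a plain grep for "password". The block below is an added example, not the analysis engine's own code. It implements a minimal RTF text extractor and the three lure heuristics, then runs them over a constructed sample RTF. The keyword lists, the rule that every pattern group in a heuristic must match before it fires, the fixed Windows-1252 code page, and the sample document are all assumptions of this example; only the heuristic IDs are taken from the report.

```python
import re

# RTF tokeniser (alternation order matters): \'hh hex byte, \word[N] control
# word plus optional delimiter space, \x control symbol, { } group, plain text.
TOKEN = re.compile(
    r"\\'([0-9a-fA-F]{2})|\\([a-zA-Z]+)(-?\d+)? ?|\\([^a-zA-Z])|([{}])|([^\\{}]+)"
)
# Destination groups holding metadata or binary data rather than visible text.
SKIP_DESTINATIONS = {"fonttbl", "colortbl", "stylesheet", "info", "pict", "object"}
CODEPAGE = "cp1252"  # assumption: real files declare \ansicpgN, not handled here


def rtf_to_text(rtf: str) -> str:
    """Return the visible text of an RTF document, decoding \\'hh and \\uN escapes."""
    out, hex_buf = [], bytearray()
    depth, skip_depth = 0, None  # group depth; depth of the group being skipped
    uc, uc_skip = 1, 0           # \ucN fallback count; fallback chars left to drop

    def flush_hex():
        if hex_buf:
            out.append(hex_buf.decode(CODEPAGE, errors="replace"))
            hex_buf.clear()

    for m in TOKEN.finditer(rtf):
        hexc, word, param, sym, brace, text = m.groups()
        if brace == "{":
            depth += 1
            continue
        if brace == "}":
            flush_hex()
            if depth == skip_depth:
                skip_depth = None
            depth -= 1
            continue
        if skip_depth is not None:
            continue  # inside fonttbl, info, {\* ...} etc.
        if hexc is not None:
            if uc_skip:  # fallback byte for a \uN that was already emitted
                uc_skip -= 1
            else:
                hex_buf.append(int(hexc, 16))
            continue
        flush_hex()  # any other token ends a run of \'hh bytes
        if word is not None:
            if word in SKIP_DESTINATIONS:
                skip_depth = depth
            elif word in ("par", "line"):
                out.append("\n")
            elif word == "uc" and param:
                uc = int(param)
            elif word == "u" and param:
                code = int(param)
                out.append(chr(code + 65536 if code < 0 else code))
                uc_skip = uc
        elif sym is not None:
            if sym == "*":
                skip_depth = depth  # {\* ...} ignorable destination
            elif sym in "\\{}":
                out.append(sym)
            elif sym in "~-_":
                out.append(" " if sym == "~" else "-")
        else:
            text = text.replace("\r", "").replace("\n", "")  # raw CR/LF is ignored
            if uc_skip:  # drop the fallback characters that follow \uN
                n = min(uc_skip, len(text))
                text, uc_skip = text[n:], uc_skip - n
            out.append(text)
    flush_hex()
    return "".join(out)


# Lure heuristics: one fires only when every pattern group matches (assumed word lists).
HEURISTICS = (
    ("SE_ADVANCE_FEE_SCAM_LURE", "high", (
        r"\b(lottery|beneficiary|prize|winner|inheritance)\b",
        r"\b(draft|funds|cheque)\b|\$\s?\d[\d,.]*",
        r"\b(parcel|courier|deliver(y|ed)|shipping)\b")),
    ("SE_PASSWORD_ARCHIVE_LURE", "high", (
        r"\bpassword\b",
        r"\b(archive|attach(ed|ment)|zip|rar|7z)\b")),
    ("SE_URGENCY_LURE", "low", (
        r"\b(action required|within\s+\d+\s+(hours|days)|will be (terminated|suspended|closed)|urgent(ly)?|immediately)\b",)),
)


def run_heuristics(text: str) -> list:
    """Return [(heuristic_id, severity), ...] for every heuristic that fires."""
    return [(hid, sev) for hid, sev, pats in HEURISTICS
            if all(re.search(p, text, re.IGNORECASE) for p in pats)]


# Constructed sample, not the analysed file: "password" is spelled with \'hh escapes.
SAMPLE_RTF = r"""{\rtf1\ansi\deff0{\fonttbl{\f0\fnil Times New Roman;}}
{\*\generator Riched20 10.0}\pard\f0 Dear Beneficiary,\par
You are the winner of our lottery; a bank draft of $950,000.00 will be sent by courier once the parcel fee is paid.\par
Open the attached archive with the \'70\'61\'73\'73\'77\'6f\'72\'64 1234.\par
Action required within 24 hours or your winnings will be terminated.\par
}"""

if __name__ == "__main__":
    body = rtf_to_text(SAMPLE_RTF)
    for hid, sev in run_heuristics(body):
        print(f"{sev:>5}  {hid}")
```

Running it prints all three heuristic IDs for the sample, while the same regexes applied to the raw RTF bytes would miss the password instruction entirely. The extractor only recovers lure text; a real engine would additionally carve the \object and \objdata destinations this example skips, since that is where an RTF dropper's payload normally lives.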