MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
The RTF file contains multiple embedded OLE objects, indicated by RTF_OBJDATA and RTF_OBJEMB heuristics. ClamAV detection as 'Doc.Dropper.Agent-1691516' strongly suggests this file acts as a dropper for malicious content. The presence of OLE objects points towards exploitation of client-side vulnerabilities to execute a payload.
Heuristics 4
- ClamAV: Doc.Dropper.Agent-1691516 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Doc.Dropper.Agent-1691516
- OLE object data (medium, RTF_OBJDATA): RTF contains 4 \objdata section(s) — embedded OLE objects
- Embedded OLE object (medium, RTF_OBJEMB): RTF contains \objemb — embedded OLE object
- OlePres presentation stream in RTF OLE object (medium, RTF_OLEPRES_STREAM): RTF contains an embedded OLE object with an OlePres presentation stream. OlePres is an OLE presentation marker and is not enough on its own to identify CVE-2025-21298.
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| objdata_00_off0000012b.bin | rtf-objdata-decoded | RTF \objdata at offset 0x12B | 14939 bytes | d7664b7d968622eeaa3f4c65ff4ce164c38edfaf44cfc91bc214efdbe9dbedbc |
| objdata_01_off0000792b.bin | rtf-objdata-decoded | RTF \objdata at offset 0x792B | 440 bytes | ea5d234f81e7c6f4d2681a1e14ba35656c4caea1ff0358220f369a5f5b5ba6da |
| objdata_02_off00007cc1.bin | rtf-objdata-decoded | RTF \objdata at offset 0x7CC1 | 4821 bytes | 60371ad591079b36dc281663e31ab1859e2f33da1aad4a7eef3cd32a4d785675 |
| objdata_03_off00008055.bin | rtf-objdata-decoded | RTF \objdata at offset 0x8055 | 2347 bytes | f180756a72c49ab825865be56755d2df3b56e2f8a2f1664890de39855704ceb9 |