RTF drops file to XLSTART | Yara
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Trojan, Spyware

83b0d7926fb2c5bc0708d9201043107e8709d77f2cd2fb5cb7693b2d930378d2 (SHA256)

Invitation CBS 2018 .doc.rtf

RTF Document

Created at 2018-08-05 19:04:00

YARA Information

Applied On Sample Files, PCAP File, Created Files, Modified Files, Process Dumps
Number of YARA matches 5
Ruleset Name Rule Name Rule Description File Type Filename Classification Severity Actions
Malware Retefe Retefe banking trojan Sample File C:\Users\Nd9E1FYi\Desktop\Invitation CBS 2018 .doc.rtf Spyware
5/5
Generic VBA_Create_File VBA macro contains file creation commands; possible dropper Created File C:\Users\Nd9E1FYi\AppData\Roaming\Microsoft\Excel\XLSTART\AddIn.XLAM -
3/5
Generic VBA_Execution_Commands VBA macro may execute files or system commands Created File C:\Users\Nd9E1FYi\AppData\Roaming\Microsoft\Excel\XLSTART\AddIn.XLAM -
3/5
Generic VBA_Create_File VBA macro contains file creation commands; possible dropper Created File C:\Users\Nd9E1FYi\AppData\Roaming\Microsoft\Excel\XLSTART\AddIn.XLAM -
3/5
Generic VBA_Execution_Commands VBA macro may execute files or system commands Created File C:\Users\Nd9E1FYi\AppData\Roaming\Microsoft\Excel\XLSTART\AddIn.XLAM -
3/5
Function Logfile
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Before

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
After

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Screenshot
Expand-Icon
Exit-Icon
icon_left
icon_left
image