RTF drops file to XLSTART

VTI SCORE: 100/100

Dynamic Analysis Report

Classification: Trojan, Spyware

83b0d7926fb2c5bc0708d9201043107e8709d77f2cd2fb5cb7693b2d930378d2 (SHA256)

Invitation CBS 2018 .doc.rtf

RTF Document

Created at 2018-08-05 19:04:00

YARA Information

Applied On	Sample Files, PCAP File, Created Files, Modified Files, Process Dumps
Number of YARA matches	5

Ruleset Name	Rule Name	Rule Description	File Type	Filename	Classification	Severity	Actions
Malware	Retefe	Retefe banking trojan	Sample File	C:\Users\Nd9E1FYi\Desktop\Invitation CBS 2018 .doc.rtf	Spyware	5/5	... YARA Actions Show Ruleset Show File
Generic	VBA_Create_File	VBA macro contains file creation commands; possible dropper	Created File	C:\Users\Nd9E1FYi\AppData\Roaming\Microsoft\Excel\XLSTART\AddIn.XLAM	-	3/5	... YARA Actions Show Ruleset Show File
Generic	VBA_Execution_Commands	VBA macro may execute files or system commands	Created File	C:\Users\Nd9E1FYi\AppData\Roaming\Microsoft\Excel\XLSTART\AddIn.XLAM	-	3/5	... YARA Actions Show Ruleset Show File
Generic	VBA_Create_File	VBA macro contains file creation commands; possible dropper	Created File	C:\Users\Nd9E1FYi\AppData\Roaming\Microsoft\Excel\XLSTART\AddIn.XLAM	-	3/5	... YARA Actions Show Ruleset Show File
Generic	VBA_Execution_Commands	VBA macro may execute files or system commands	Created File	C:\Users\Nd9E1FYi\AppData\Roaming\Microsoft\Excel\XLSTART\AddIn.XLAM	-	3/5	... YARA Actions Show Ruleset Show File

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".

YARA Information

Before

After