popup

Report - file.rtf

  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.04.22 07:29 Machine s1_win7_x6401
Filename file.rtf
Type Rich Text Format data, version 1, unknown character set
AI Score Not founds Behavior Score
2.8
ZERO API file : clean
VT API (file)
md5 9ca89139d0918e5078122113fc883a7e
sha256 964158c6194c749d2cfc79d3e40ce26c4a3827566b59590c3b25ef14c82e449f
ssdeep 768:5C3VZ/vmwTde7KZciHYOX7tKim4iB11tRClT:5C3VZ/vmwTde7KZciHYOX7tKim4iBkT
imphash
impfuzzy
  Network IP location

Signature (7cnts)

Level Description
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates hidden or system file
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice One or more potentially interesting buffers were extracted
notice Performs some HTTP requests
notice RTF file has an unknown character set
notice Sends data using the HTTP POST Method

Rules (1cnts)

Level Name Description Collection
info Rich_Text_Format_Zero Rich Text Format Signature Zero binaries (upload)

Network (12cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
https://asw-sns.link/202/0BDXUKUO8U8p243usxNT46Yj5zTXyrUwpuXOqx92/45326/2623/14188cd3
whois
Unknown 203.55.176.12 clean
https://mofa.iugur.live/2623/1/45326/3/1/1/1840589558/files-910af97c/1/plaoi
whois
MD MivoCloud SRL 185.163.45.56 clean
https://mofa.iugur.live/2623/1/45326/3/1/1/1840589558/files-4057b130/1/lkjhg
whois
MD MivoCloud SRL 185.163.45.56 clean
https://mofa.iugur.live/2623/1/45326/3/3/1/1840589560/files-16aef47a/1/cuui?data=AQZ0ZXN0MjInSW50ZWwoUikgQ29yZShUTSkgaTUtODQwMCBDUFUgQCAyLjgwR0h6ATISXFwuXFBIWVNJQ0FMRFJJVkUwCzM0MzU2OTk0NTYwBzUyNDI0MjQIMTA0ODMwMDQJVEVTVDIyLVBDDDk0REUyNzhDMzI3NA==
whois
MD MivoCloud SRL 185.163.45.56 clean
https://mofa.iugur.live/2623/1/45326/3/3/0/1840589382/files-72843a7a/0/data?d=
whois
MD MivoCloud SRL 185.163.45.56 clean
https://mofa.iugur.live/2623/1/45326/3/3/1/1840589560/files-a2da9285/1/lapd?data=2
whois
MD MivoCloud SRL 185.163.45.56 clean
https://mofa.iugur.live/2623/1/45326/3/3/1/1840589560/files-a2da9285/1/lapd?data=1
whois
MD MivoCloud SRL 185.163.45.56 clean
https://mofa.iugur.live/2623/1/45326/3/1/1/1840589382/files-52f76d0b/0/
whois
MD MivoCloud SRL 185.163.45.56 clean
asw-sns.link
whois
Unknown 203.55.176.12 clean
mofa.iugur.live
whois
MD MivoCloud SRL 185.163.45.56 clean
185.163.45.56
whois
MD MivoCloud SRL 185.163.45.56 clean
203.55.176.12
whois
Unknown 203.55.176.12 clean

Suricata ids

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

Similarity measure (PE file only) - Checking for service failure