MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1059 Command and Scripting Interpreter
T1059.005 Visual Basic
The file is identified as a malicious Excel 4.0 macro-enabled document. The presence of Excel 4.0 macro sheets and the ClamAV detection signature 'Xls.Downloader.Emotet-OOXML_XL-af43432fbcb8603c-9980048-0' strongly indicate that this file is part of the Emotet malware distribution. The macros are likely designed to download and execute a further stage of the Emotet payload.
Heuristics 2
-
Excel 4.0 macro sheet (3 sheet(s)) critical OOXML_XLM_MACROSHEETSpreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.
-
ClamAV: Xls.Downloader.Emotet-OOXML_XL-af43432fbcb8603c-9980048-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Xls.Downloader.Emotet-OOXML_XL-af43432fbcb8603c-9980048-0
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
xlm_sheet_00.bin9b1fdef6d0824498699cd736122a46adfba44045a4853cccb8773fbc78a32fc3 |
xlm-macrosheet | OOXML XLM macro sheet: xl/macrosheets/intlsheet1.bin | 2118 bytes |
xlm_sheet_01.bin76bb729a3fef1962dba3c4d4608bc67767a415d3068cfaefbab6dc04307f5716 |
xlm-macrosheet | OOXML XLM macro sheet: xl/macrosheets/sheet1.bin | 428 bytes |
xlm_sheet_02.bine107436a5f0bb0a25f454c2c3756c9b0d1befa58088a66751c1bc69dc47f10ec |
xlm-macrosheet | OOXML XLM macro sheet: xl/macrosheets/sheet2.bin | 428 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.