Xls.Dropper.Agent-8250708-0 — Office (OLE) / .XLS malware analysis

Static analysis result for SHA-256 14c095de80cc260a…

MALICIOUS

Office (OLE) / .XLS

Size: 1.23 MB
Created: 2020-06-15 17:47:20
Authoring application: Microsoft Excel
MD5: d46c217048acbda425f1665d7859fd93
SHA-1: a993f8b2e76838242bdca7d7086302ef733a893d
SHA-256: 14c095de80cc260a50fd31306fd372b9d88d8d6dc9f50c0efac3b387107df75e
Risk Score: 120

Malware Insights

Xls.Dropper.Agent-8250708-0 · confidence 95%

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The file is identified as a malicious Excel 4.0 macro sheet by ClamAV and heuristic analysis. The presence of encrypted macros and the 'AUTOOPEN' event strongly suggest that the macro sheet is designed to execute automatically upon opening, likely to download and execute a further stage of malware. The specific ClamAV detection name 'Xls.Dropper.Agent-8250708-0' further supports this dropper functionality.

Heuristics (3)

  • ClamAV: Xls.Dropper.Agent-8250708-0 (critical; CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Dropper.Agent-8250708-0
  • Encrypted Excel 4.0 macro sheet (high; OLE_XLM_ENCRYPTED_MACROSHEET)
    Workbook contains an Excel 4.0 macro sheet and BIFF FILEPASS encryption. Password-protected XLM macro sheets, especially the default Excel password path, are a common malware evasion pattern because static formula extraction may fail until the workbook is decrypted.
  • Excel 4.0 (XLM) macro sheet present (medium; OLE_XLM_AUTOOPEN)
    Workbook contains an Excel 4.0 macro sheet sub-stream — XLM is rarely seen in modern legitimate workbooks and was a major Office malware vector during 2020-2022.