IcedID — Office (OOXML) malware analysis

Static analysis result for SHA-256 24f54e8b7782baac…

MALICIOUS

Office (OOXML)

Size: 152.2 KB
Created: 2015-06-05 18:19:34 UTC
Authoring application: Microsoft Excel 16.0300
MD5: abcaec86c2ef6b2c5045fb8373c20769
SHA-1: 3a00f2fb536c72d9d206affa383b36267bebd754
SHA-256: 24f54e8b7782baace521bf8a018bffa54a6364ba6a0a5e6196f08ad972b53e93
Risk Score: 68

Malware Insights

IcedID · confidence 95%

MITRE ATT&CK
T1105 Ingress Tool Transfer

The file is detected as IcedID by ClamAV, a signature that places it in a downloader family. Heuristics indicate the presence of hidden sheets, a common technique for concealing malicious content within Excel files. The document contains VBA code that attempts to download a payload from the IP addresses listed in the report, most likely to retrieve a second-stage component.

Heuristics 2

  • ClamAV: Xls.Downloader.IcedID-9f1f1d193a2a2a2b-9951463-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Downloader.IcedID-9f1f1d193a2a2a2b-9951463-0
  • Hidden worksheet (hidden) low OOXML_HIDDEN_SHEET
    Excel workbook contains 9 hidden sheet(s) — hidden sheets are commonly used to conceal macro code, staging data, or intermediate payload construction