Office (OLE) / .XLS malware analysis — malicious · 28221d5ed7a6b37a

MALICIOUS

Office (OLE) / .XLS

64.5 KB Created: 2021-08-17 12:24:08 Authoring application: Microsoft Excel

MD5: deaad3ea1c708cd99e41c4043169aa4d SHA-1: f01d47b24b74ff5926efc1b6bacbc922d887fd30 SHA-256: 28221d5ed7a6b37a4a0e5be77a9137378b1b6ca850c6327b77eae7a2b4437c96

120 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic for Applications

The file is an Excel XLS document containing a VBA macro. The Auto_Open macro utilizes the ScriptControl object to execute JavaScript code embedded within the document's Subject and Comments properties. This script execution is a common technique for downloading and executing further malicious payloads. The ClamAV detection name 'Xls.Downloader.MirrorBlast' further supports this assessment.

Heuristics 3

ClamAV: Xls.Downloader.MirrorBlast-f8f807074fc98734-9955046-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Downloader.MirrorBlast-f8f807074fc98734-9955046-0
Auto_Open macro high OLE_VBA_AUTO

Auto_Open macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `0278d22c57457c6ea65486c5e13f4b06bae683e9ef9fa360c905d1932da96848`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	862 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.