Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 35e86e8813b797c3…

MALICIOUS

Office (OLE) / .XLS

Size: 6.17 MB
Created: 2008-08-27 13:16:27
Authoring application: Microsoft Excel
MD5: 94608ab43f4962d0058fca3f66ec4092
SHA-1: a6cecc19e5ea27fde21f7bd588b7b71b3f6b77a1
SHA-256: 35e86e8813b797c38d5f35fbaea1a8ebabb780b2b0fd3649fc2f042ddd9d3f18
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

This XLS file contains VBA macros, specifically an Auto_Open macro; auto-executing macros of this kind are a common technique for executing malicious code when a document is opened. The macro prompts the user for a client code and password, suggesting a credential harvesting or social engineering attack. The macro is truncated, preventing a full analysis of its ultimate payload, but the initial interaction is clearly designed to elicit sensitive information from the user.

Heuristics 2

  • Auto_Open macro (high, OLE_VBA_AUTO)
    Auto_Open macro
  • VBA macros detected (medium, OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
8c7cf74390553c280742ffd30690999c3a5f6a632bc9c2d09a97169ff142ba5e
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 6023 bytes