Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 521ccb769a6053c2…

MALICIOUS

Office (OLE) / .XLS

193.5 KB Created: 2019-06-03 01:31:10 Authoring application: Microsoft Excel
MD5: ed7adf1c1b12bc41fe23b393442e3eb6 SHA-1: e057cc00b274e255d4618150b17657bce6620088 SHA-256: 521ccb769a6053c2e2beb9c9deadf70f525b1be8ef30afe5e6d9cb2fca7fb7bb
120 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications T1566.001 Spearphishing Attachment

The sample is an XLS file containing VBA macros, identified by ClamAV as Xls.Malware.Emeka-10012113-0. The document body presents a fabricated payment notice or invoice from FESCO Adecco, likely intended to deceive the recipient into believing it is a legitimate financial document and initiating a payment. The presence of VBA macros suggests the potential for malicious code execution to facilitate this social engineering tactic.

Heuristics 3

  • ClamAV: Xls.Malware.Emeka-10012113-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Malware.Emeka-10012113-0
  • CreateObject call high OLE_VBA_CREATEOBJ
    CreateObject call
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
a14e9abef9c06ad41dfbd40d67286ff8660ecb0371a0dd9735402273d156ca9d		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 5637 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.