Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 5336d6cefffbab8e…

MALICIOUS

Office (OLE) / .XLS

265.0 KB Created: 2024-05-17 02:48:43 Authoring application: Microsoft Excel
MD5: bac42f333709e83d376eb3eb2a0a26cf SHA-1: e464867656b6cd93818c01512cd049d6dcfa5421 SHA-256: 5336d6cefffbab8e77b15fced3416c5390fc7382048d835b2997dc337daad8d4
120 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic T1566.002 Spearphishing Attachment

The file is a malicious Excel spreadsheet containing VBA macros, specifically an Auto_Open macro, which is a common technique for initial execution. The ClamAV detection signature 'Xls.Virus.Valyria-10004391-0' strongly indicates malicious intent. The macro is likely responsible for downloading and executing a second-stage payload.

Heuristics 3

  • ClamAV: Xls.Virus.Valyria-10004391-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Virus.Valyria-10004391-0
  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
5849204f154b168b0ee8208761ee7482e84a0e6e27530c6656a1cc2b412caf03		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 2363 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.