Malicious Office (OLE) / .DOC — malware analysis report

Static analysis result for SHA-256 583ac3dcc5fd855b…

MALICIOUS

Office (OLE) / .DOC

Size: 25.5 KB
Created: 2021-04-29 15:46:00
Authoring application: Microsoft Office Word
MD5: 5a8de7d69018d3dace98803b4221a093
SHA-1: 8508dcb48af1621c4d41d0684d8a7371eeb3c6df
SHA-256: 583ac3dcc5fd855b3314f27ee248df3fac41c61459860c2de7a8a2942139c920
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The document body clearly exhibits characteristics of an advance-fee scam, impersonating a former minister to solicit funds. The embedded URL, though benign, is presented as a reference for the impersonated individual. No scripts were extracted, and the primary lure is social engineering within the document content.

Heuristics (3)

  • [high] Advance-fee lottery/parcel scam lure (SE_ADVANCE_FEE_SCAM_LURE)
    Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
  • [medium] Callback phishing phone lure (SE_CALLBACK_LURE)
    Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns.
  • [info] Embedded URL (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.gov.za/about-government/contact-directory/susan-shabangu-ms
    • http://schemas.openxmlformats.org/drawingml/2006/main