MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
T1204.002 Malicious File
The file contains Excel 4.0 macro sheets, a known technique for executing malicious code. The ClamAV detection explicitly identifies it as 'Xls.Downloader.Emotet-OOXML_XL', indicating its role as a downloader for the Emotet banking trojan. The macros are designed to execute a secondary payload, likely for further infection.
Heuristics 2
-
Excel 4.0 macro sheet (3 sheet(s)) critical OOXML_XLM_MACROSHEETSpreadsheet contains an Excel 4.0 (XLM) macro sheet — XLM was a major Office malware vector during 2020-2022 and evaded many VBA-focused controls before Microsoft tightened XLM defaults. Even legitimate XLM use is rare in modern workbooks. The macro sheet is stored as XLSB/BIFF12 binary content, which many XML-only OOXML scanners miss.
-
ClamAV: Xls.Downloader.Emotet-OOXML_XL-af43432fbcb8603c-9980048-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Xls.Downloader.Emotet-OOXML_XL-af43432fbcb8603c-9980048-0
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
xlm_sheet_00.bin538d0eab573ceba28c3b3a196e31f1bfe6a45b9961b9a862827df2286d4c0ece |
xlm-macrosheet | OOXML XLM macro sheet: xl/macrosheets/intlsheet1.bin | 2119 bytes |
xlm_sheet_01.bin76bb729a3fef1962dba3c4d4608bc67767a415d3068cfaefbab6dc04307f5716 |
xlm-macrosheet | OOXML XLM macro sheet: xl/macrosheets/sheet1.bin | 428 bytes |
xlm_sheet_02.bine107436a5f0bb0a25f454c2c3756c9b0d1befa58088a66751c1bc69dc47f10ec |
xlm-macrosheet | OOXML XLM macro sheet: xl/macrosheets/sheet2.bin | 428 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.