Malicious Office (OOXML) — malware analysis report

Static analysis result for SHA-256 6a2761a20cbfe048…

MALICIOUS

Office (OOXML)

1.24 MB Created: 2015-06-05 18:19:34 UTC Authoring application: Microsoft Excel 16.0300
MD5: 0ae07dba86e1983886e8ed5972fdcdc9 SHA-1: b10917047c0fb04f6be12ee998abb76153a85d33 SHA-256: 6a2761a20cbfe0487776e02c691bd103e28d5d463bb4d71b34f632b83e73321c
62 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The sample contains embedded Excel formulas that attempt to download a file from 'http://feedbackdownload.today/44389,7571259259.jpg' and save it as '..\ALBATROS1.dll'. It then attempts to execute this downloaded file using 'regsvr32 -silent ..\ALBATROS1.dll'. This indicates a downloader functionality, likely to fetch and run a second-stage payload.

Heuristics 2

  • ClamAV: Xls.Downloader.GreenEnable06212-9869361-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Downloader.GreenEnable06212-9869361-0
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://feedbackdownload.today/44389,7571259259.jpg

Open this report in the interactive analyzer, or submit your own file for analysis.