Ldridex — Office (OLE) / .XLS malware analysis

Static analysis result for SHA-256 79f79f7cbf400c51…

MALICIOUS

Office (OLE) / .XLS

Size: 50.0 KB
Created: 2020-09-21 10:44:36
Authoring application: Microsoft Excel
MD5: 33227543c947be9bd3164acf020b3d3c
SHA-1: 48b9bf7516c29bd896307e294f32d10b1aa879d1
SHA-256: 79f79f7cbf400c510bb9ae38f6d75b0669a8e7b53bd45e5b301169caf7a34af6
Risk Score: 80

Malware Insights

Ldridex · confidence 90%

MITRE ATT&CK
T1059.005 Visual Basic

The file was detected as Xls.Malware.Ldridex-9768648-0 by ClamAV, strongly indicating the Ldridex family. The presence of VBA macros, as flagged by the OLE_VBA_MACROS heuristic, is a common delivery mechanism for Ldridex. The obfuscated document body text further supports malicious intent; it is likely meant to disguise a phishing lure or financial scam.

Heuristics (2)

  • ClamAV: Xls.Malware.Ldridex-9768648-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Malware.Ldridex-9768648-0
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: macros.bas
SHA-256: 6dd09fcae616c588dcab782470b37344caca40942aff346ce73c53cf82b9424f
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 2339 bytes