Xls.Downloader.Agent08210-9888570-0 Office (OOXML) malware analysis — malicious · 7d3a024c5cafd8d8

MALICIOUS

Office (OOXML)

247.3 KB Created: 2011-08-29 12:03:33 UTC Authoring application: Microsoft Excel 16.0300 First seen: 2021-08-25

MD5: f44f21b08b60aebcee77dbe4108d6369 SHA-1: ddc1ad8ed7a257ce8e023e6ee194bd02afe7c449 SHA-256: 7d3a024c5cafd8d8348e1cbcdcb24da3aef244ddaf8f25405da76c33e67bdc3a

70 Risk Score

Malware Insights

Xls.Downloader.Agent08210-9888570-0 · confidence 90%

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is detected as malicious by ClamAV with the signature Xls.Downloader.Agent08210-9888570-0. It contains an external hyperlink to 'https://www.formtools.com/f/httpswwwofficecomauth2-1610', which is likely used to deliver a secondary payload. The presence of this hyperlink and the ClamAV detection strongly suggest a downloader or droppper malware.

Heuristics 3

ClamAV: Xls.Downloader.Agent08210-9888570-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Downloader.Agent08210-9888570-0
External hyperlinks (1) low OOXML_EXTERNAL_HYPERLINKS

Document contains 1 external hyperlink — clickable URLs are stored as external relationships. First target: https://www.formtools.com/f/httpswwwofficecomauth2-1610
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://www.formtools.com/f/httpswwwofficecomauth2-1610 Document hyperlink

Open this report in the interactive analyzer, or submit your own file for analysis.