Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 82a71c4f750d7144…

MALICIOUS

Office (OLE)

File size: 64.0 KB
Created: 2003-12-31 08:46:19
Authoring application: Microsoft Excel
First seen: 2015-09-20
MD5: 4f2da45251a383a74ae0a5d80ac38700
SHA-1: 9bf8de14776662c0342d1a547311987f007a80f7
SHA-256: 82a71c4f750d7144e5e41654c5183cfc9112fddfb3a5ed72b4ca9b2ea88ae6e7
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The sample is an Excel file identified as a legacy Excel formula macro virus. The document body contains text that appears to be a financial report, likely intended to trick the user into enabling macros. The heuristic firing and embedded text confirm the presence of the 'XF.Classic' macro virus, associated with 'The Narkotic Network'.

Heuristics (1)

  • Legacy Excel formula macro virus marker | critical | OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.