Verdict: MALICIOUS
Risk Score: 100
Malware Insights
MITRE ATT&CK: T1059.005 Visual Basic for Applications
The file is identified as a malicious Excel 4.0 (XLM) macro-based document. The presence of 'OLE_XLM_AUTOOPEN' and 'OLE_XLM_LEGACY_MACRO_VIRUS' heuristics strongly indicates the execution of legacy XLM macros upon opening. These macros are often used to download and execute further stages of malware. The embedded URLs are likely part of the initial infection chain.
Heuristics (3)
- Legacy XLM macro-virus family marker (severity: critical, rule: OLE_XLM_LEGACY_MACRO_VIRUS). Workbook contains an Excel 4.0 macro Auto_Open chain and legacy macro-virus family strings. This is a narrow indicator for infected XLM workbooks rather than ordinary formula use.
- Excel 4.0 (XLM) Auto_Open + macro sheet (severity: high, rule: OLE_XLM_AUTOOPEN). Workbook contains an Auto_Open / Auto_Close defined name together with an Excel 4.0 macro sheet, the canonical XLM auto-execution shape used by malware families such as Emotet and QakBot.
- Embedded URL (severity: info, rule: EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted URLs:
- http://www.tcvg.hochiminhcity.gov.vn/bang_gia_vlxd/bang_gia_vlxd/quy12007/Congdoan\Diem
- http://www.tcvg.hochiminhcity.gov.vn/bang_gia_vlxd/bang_gia_vlxd/quy12007/Linh2003\baocaodotxuat\k1202(sang).xls
- http://www.tcvg.hochiminhcity.gov.vn/bang_gia_vlxd/bang_gia_vlxd/quy12007/Linh2003\SOKTMAY.xls