MALICIOUS
Risk Score: 82
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic for Applications
The sample contains VBA macros that utilize `CreateObject` and trigger hyperlinks when specific cells are interacted with. The document body and heuristics indicate a callback phishing or tech-support scam, prompting users to call phone numbers for account-related issues. The VBA script attempts to navigate to various URLs hosted on `mercergimd.com` when hyperlinks are followed, likely to harvest user credentials or provide further scam-related content.
Heuristics 4
- CreateObject call (high, `OLE_VBA_CREATEOBJ`): CreateObject call
- VBA macros detected (medium, `OLE_VBA_MACROS`): Document contains VBA macro code
- Callback phishing phone lure (medium, `SE_CALLBACK_LURE`): Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns
- Embedded URL (info, `EMBEDDED_URL`): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| macros.bas `1a61d6249f91802b0043f4f464214bcd40485f2f69e8b1817ed2e168773dffba` | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 8232 bytes |