Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 8cc9f0254572b07f…

MALICIOUS

Office (OLE) / .XLS

953.0 KB Created: 2021-09-23 20:43:06 Authoring application: Microsoft Macintosh Excel First seen: 2022-11-10
MD5: 26002e9a73d258b7b33bc06883fab064 SHA-1: 0c40968038411f9c4c05d69c91558a18c4eb5f60 SHA-256: 8cc9f0254572b07fb39e3e668374c34501093262f922afecb99782d37fb4c0d0
82 Risk Score

Malware Insights

MITRE ATT&CK
T1204 Malicious Link T1204.001 Malicious Link: Malicious Link

The file is an Excel spreadsheet containing VBA macros. The macro code explicitly adds a hyperlink to the URL "https://www.myonlinetraininghub.com/excel-hyperlink-buttons" and attempts to follow it. This suggests a social engineering attack aiming to direct the user to a potentially malicious website.

Heuristics 3

  • ClamAV: Xls.Downloader.be3e9999e42690c3-9978797-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Downloader.be3e9999e42690c3-9978797-0
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://www.myonlinetraininghub.com/excel-hyperlink-buttons

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
0dd46f15b87ac5d4fbb01f4ac5a60c4991dadeda79ec90ba5d029ff9fcf22da9		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 1422 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.