Dridex — Office (OOXML) malware analysis

Static analysis result for SHA-256 9724d3c02fc8ac56…

MALICIOUS

Office (OOXML)

Size: 188.5 KB
Created: 2021-08-16 09:36:27 UTC
Authoring application: Microsoft Excel 12.0000
First seen: 2021-09-13
MD5: 4dd9e09436bad793a4708e53e9156e81
SHA-1: fc78823b2f3a311b6e001679ae3900841cd17686
SHA-256: 9724d3c02fc8ac567d0fb4123e4948fea37a4f9b4bad52152188d84f5473eaa8
Risk score: 68

Malware Insights

Dridex · confidence 95%

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1105 Ingress Tool Transfer

ClamAV matched the file against 'Xls.Downloader.DridexCyan08210-9887648-0', a signature for a workbook that acts as a downloader for the Dridex banking trojan. The workbook also contains a hidden worksheet. In OOXML files VBA lives in a separate vbaProject.bin part, so a hidden or "very hidden" sheet is typically used to keep Excel 4.0 (XLM) macro formulas or staging data out of the user's view; here that sheet most likely holds the logic that fetches and runs the second-stage payload (T1105). On its own the hidden-sheet heuristic is only a low-severity signal; the verdict rests on the signature match.

Heuristics (2)

  • ClamAV: Xls.Downloader.DridexCyan08210-9887648-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Downloader.DridexCyan08210-9887648-0
  • Hidden worksheet (hidden) low OOXML_HIDDEN_SHEET
    Excel workbook contains 1 hidden sheet(s) — hidden sheets are commonly used to conceal macro code, staging data, or intermediate payload construction
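The two findings above can be reproduced offline with a small OOXML inspector. The following is an added example and is not code from the analysis engine that produced this report: it opens a workbook as a zip archive, reads xl/workbook.xml for sheets whose state is hidden or veryHidden, checks for a VBA project part and Excel 4.0 macrosheets, and lists auto-executing defined names (Auto_Open and friends). The sample workbook is constructed in memory for the demonstration and is not the Dridex file analysed here; the heuristic IDs other than OOXML_HIDDEN_SHEET are hypothetical names chosen for the example.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# SpreadsheetML main namespace used by xl/workbook.xml
NS = {"m": "http://schemas.openxmlformats.org/spreadsheetml/2006/main"}

# Defined names that Excel runs automatically (XLM auto-exec entry points)
AUTO_EXEC_RE = re.compile(r"(_xlnm\.)?auto_(open|close|activate|deactivate)", re.I)


def inspect_workbook(data: bytes) -> dict:
    """Collect hidden-sheet and macro indicators from an xlsx/xlsm byte blob."""
    result = {
        "hidden_sheets": [],        # state="hidden": user can unhide via the UI
        "very_hidden_sheets": [],   # state="veryHidden": only visible via VBA/XML
        "vba_project": False,       # xl/vbaProject.bin present
        "xlm_macrosheets": [],      # xl/macrosheets/*.xml (Excel 4.0 macros)
        "auto_exec_names": [],      # (name, target) pairs for Auto_Open etc.
    }
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        result["vba_project"] = "xl/vbaProject.bin" in names
        result["xlm_macrosheets"] = sorted(
            n for n in names if n.startswith("xl/macrosheets/") and n.endswith(".xml")
        )
        root = ET.fromstring(zf.read("xl/workbook.xml"))
        for sheet in root.findall("m:sheets/m:sheet", NS):
            state = sheet.get("state", "visible")  # attribute is unqualified
            if state == "hidden":
                result["hidden_sheets"].append(sheet.get("name"))
            elif state == "veryHidden":
                result["very_hidden_sheets"].append(sheet.get("name"))
        for dn in root.findall("m:definedNames/m:definedName", NS):
            name = dn.get("name", "")
            if AUTO_EXEC_RE.fullmatch(name):
                result["auto_exec_names"].append((name, (dn.text or "").strip()))
    return result


def findings(result: dict) -> list:
    """Turn indicators into (severity, id, message) triples in the report's style."""
    out = []
    if result["vba_project"]:
        out.append(("medium", "OOXML_VBA_PROJECT", "workbook embeds xl/vbaProject.bin"))
    if result["xlm_macrosheets"]:
        out.append(("high", "OOXML_XLM_MACROSHEET",
                    f"workbook contains {len(result['xlm_macrosheets'])} Excel 4.0 macrosheet(s)"))
    hidden = len(result["hidden_sheets"]) + len(result["very_hidden_sheets"])
    if hidden:
        out.append(("low", "OOXML_HIDDEN_SHEET",
                    f"Excel workbook contains {hidden} hidden sheet(s)"))
    for name, target in result["auto_exec_names"]:
        out.append(("high", "OOXML_AUTO_EXEC_NAME", f"{name} -> {target}"))
    return out


def build_sample_workbook() -> bytes:
    """Constructed minimal workbook (not the analysed sample): one visible sheet,
    one veryHidden XLM macrosheet with an Auto_Open name, one hidden data sheet."""
    workbook_xml = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main"
          xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">
  <sheets>
    <sheet name="Sheet1" sheetId="1" r:id="rId1"/>
    <sheet name="Macro1" sheetId="2" state="veryHidden" r:id="rId2"/>
    <sheet name="Data" sheetId="3" state="hidden" r:id="rId3"/>
  </sheets>
  <definedNames>
    <definedName name="_xlnm.Auto_Open">Macro1!$A$1</definedName>
  </definedNames>
</workbook>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", workbook_xml)
        zf.writestr("xl/worksheets/sheet1.xml", "<worksheet/>")
        zf.writestr("xl/macrosheets/sheet1.xml", "<macrosheet/>")
        zf.writestr("xl/worksheets/sheet3.xml", "<worksheet/>")
    return buf.getvalue()


if __name__ == "__main__":
    for sev, hid, msg in findings(inspect_workbook(build_sample_workbook())):
        print(f"{sev:<6} {hid:<22} {msg}")
```

Run against a real sample with `inspect_workbook(open(path, "rb").read())`. A veryHidden sheet is a stronger signal than a plain hidden one because it cannot be unhidden from the Excel UI, and a macrosheet plus an Auto_Open name is the usual shape of an XLM downloader; neither check replaces extracting and reading the formulas themselves.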