Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 a35b42d3fa543d26…

MALICIOUS

Office (OLE) / .XLS

Size: 55.5 KB
Created: 2021-10-26 07:18:39
MD5: ed72f2a8346818ec6f2d799363169bc2
SHA-1: 0cff3f5885da52e4004aba2ad5d4a849684690d4
SHA-256: a35b42d3fa543d26e5d807c3e4148d90ed52b2e76153b06a93740f04bc58dd9a
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is an Excel spreadsheet containing VBA macros. The macros appear to be obfuscated but are designed to download and execute a second-stage payload. The ClamAV detection 'Win.Malware.Agent-9904503-0' further supports its malicious nature. Due to the obfuscation, the exact download URL and execution method cannot be confidently determined.

Heuristics 2

  • ClamAV: Win.Malware.Agent-9904503-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Malware.Agent-9904503-0
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas (b31a43e64d0091ad2d96461b7c4d1d24270af1bdf93535686f8f1d91e2515ada)
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 2103 bytes