Office (OLE) / .XLS malware analysis — malicious · a3bce360b06f8a3a

MALICIOUS

Office (OLE) / .XLS

265.0 KB Created: 2024-05-17 02:48:43 Authoring application: Microsoft Excel

MD5: 81c61a485a2784a9f33d7bedc3ca8e10 SHA-1: 609c130c7a3455276730ba1d0668643adf69d9bb SHA-256: a3bce360b06f8a3aff60261058a1ec3817e20dc51adc311619d753d648134993

120 Risk Score

Malware Insights

MITRE ATT&CK

T1059.005 Visual Basic T1566.001 Spearphishing Attachment

The sample is an Excel file with a high-confidence detection by ClamAV as Xls.Virus.Valyria-10004391-0. The presence of a VBA Auto_Open macro indicates that malicious code is designed to execute automatically when the spreadsheet is opened. This is a common delivery mechanism for malware. No specific IOCs were extracted beyond the macro detection itself.

Heuristics 3

ClamAV: Xls.Virus.Valyria-10004391-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Virus.Valyria-10004391-0
Auto_Open macro high OLE_VBA_AUTO

Auto_Open macro
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `5849204f154b168b0ee8208761ee7482e84a0e6e27530c6656a1cc2b412caf03`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	2363 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.