Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 a8001ba7374d7fa5…

MALICIOUS

Office (OLE) / .XLS

17.5 KB
Created: 2010-06-30 02:07:58
Authoring application: Microsoft Excel
MD5: bb21b63a89d5ff0101fda28ccf7f0507
SHA-1: 0b5e22029dda0205597d69158144b729c736eeda
SHA-256: a8001ba7374d7fa599e0f26a09b9540b5b3a4b2579dc56911371b8d70bb1f114
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic for Applications
T1566.002 Spearphishing with Malicious Attachment

The file is an XLS document containing VBA macros, specifically an Auto_Open macro, which is a common technique for executing malicious code upon opening. The document body contains what appears to be agricultural subsidy information, suggesting a lure to trick the user into enabling macros. No specific payload or network indicators were extracted, hence the family is unknown and confidence is moderate.

Heuristics 2

  • Auto_Open macro (high, OLE_VBA_AUTO)
    Auto_Open macro
  • VBA macros detected (medium, OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas (d0819e487d8f301843c880a9d69afef9548fd14c47af43fcadf04d25e331490d)
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 1356 bytes