Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 b6739c2f2e380325…

MALICIOUS

Office (OLE)

Size: 627.5 KB
Created: 2012-10-27 09:03:02
Authoring application: Microsoft Excel
First seen: 2015-09-30
MD5: 8a0fd6c3b90f3e733da14b5357009e80
SHA-1: 38006c1ebc03b0aa6462fb98033d82bb75aa70fe
SHA-256: b6739c2f2e38032571fba1338377928274d700b621e6d36fa0d8787244b979bd
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as a legacy Excel formula macro virus; it specifically mentions 'Poppy by VicodinES' and 'Narkotic Network'. The document body, presented as a student grade report, serves as a lure to encourage the recipient to open the malicious Excel file. The presence of these indicators strongly suggests malicious intent, most likely the execution of embedded macro code.

Heuristics 1

  • Legacy Excel formula macro virus marker (critical): OLE_XLS_FORMULA_MACRO_VIRUS
    Workbook stream contains self-identifying legacy Excel formula macro virus markers. This indicates the document carries formula macro virus content even when no VBA project or modern XLM macro-sheet structure is present.