Malicious Office (OLE) — malware analysis report

Static analysis result for SHA-256 be24f9c0d9f0789b…

MALICIOUS

Office (OLE)

Size: 37.8 KB
First seen: 2019-04-18
MD5: a16b39afb0232117dce7e0bedd90b442
SHA-1: d7c013a2c46fa7aef50e4c72a50bfa2b264ea30f
SHA-256: be24f9c0d9f0789b5dbfac1102f21a0fe4deb06b1f18e0112ad120083fc96948
Risk Score: 80

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The sample is an encrypted and malformed Office document, which is a common tactic to evade static analysis and hide malicious payloads. The encryption and structural corruption suggest an attempt to conceal the true nature of the file, likely as part of a phishing campaign.

Heuristics (2)

  • OLE_ENCRYPTED_AND_MALFORMED (critical): Encrypted Office package with CFB FAT corruption.
    The encrypted-package shape co-occurs with FAT-chain corruption, the documented combined evasion form.
  • OFFICE_ENCRYPTED_PACKAGE (medium): Office document is password-encrypted.
    The OLE container holds an MS-OFFCRYPTO encrypted package (Standard Encryption, Office 2007, AES).