Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 c950d2c157c74b7a…

MALICIOUS

Office (OLE) / .XLS

Size: 90.0 KB
Created: 1998-09-29 01:52:48
Authoring application: Microsoft Excel
MD5: 40ab4f50b9acf88b3bf3298f770dcb8e
SHA-1: 2e5e7f58f628ae615dd9ffcc19e06fc1702c7b0d
SHA-256: c950d2c157c74b7af43aef1f833af3267d96c317fb6600eae231f6da2ca5a543
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is an Excel spreadsheet containing VBA macros. The presence of an 'Auto_Open' macro indicates that the malicious code will attempt to execute automatically when the document is opened and macros are enabled. The document body text is in Korean and appears to be related to payment or billing, likely serving as a lure. No specific malware family could be identified.

Heuristics 2

  • Auto_Open macro (high, OLE_VBA_AUTO)
    Auto_Open macro
  • VBA macros detected (medium, OLE_VBA_MACROS)
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
ce70d2e7d41fa8fb1e8ba5674d1cda70f1d1b298d498f8e381bb46e8637e5c83
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 3057 bytes