DarkGate — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 d088836f4f0c2f2c…

MALICIOUS

Office (OOXML) / .XLSX

Size: 51.1 KB
Created: 2015-06-05 18:17:20 UTC
Authoring application: Microsoft Excel 16.0300
First seen: 2024-05-20
MD5: fa6e204b64b33152653b96639211f8f1
SHA-1: 0068b98fa1d0844870950785588ee01e82e6499d
SHA-256: d088836f4f0c2f2c4373775efde86cfe53ca20ed3a37423889c78105e1749576
Risk Score: 68

Malware Insights

DarkGate · confidence 95%

MITRE ATT&CK
  • T1204 Malicious Link
  • T1204.001 Malicious Link: User Execution

The critical ClamAV heuristic identifies the sample as Xls.Malware.DarkGate-10029489-1, strongly suggesting the DarkGate family. The workbook also contains an external hyperlink whose target is an HTA file on a network share (a UNC path reached over the file:// scheme), which indicates a likely attempt to trick the user into clicking the link and executing a malicious script hosted outside the document.

Heuristics (2)

  • ClamAV: Xls.Malware.DarkGate-10029489-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Malware.DarkGate-10029489-1
  • External hyperlinks (1) low OOXML_EXTERNAL_HYPERLINKS
    Document contains 1 external hyperlink; clickable URLs are stored as external relationships. First target: file:///\\lincsnet.com\share\MS_EXCEL_DOCUMENT_HELPER.hta