Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 dbd01d3eff17a2d7…

MALICIOUS

Office (OLE) / .XLS

Size: 40.0 KB
Created: 1996-12-17 01:32:42
Authoring application: Microsoft Excel
MD5: 44eb43a4353ad9be4c2a9d4818182d60
SHA-1: a90705082b8f8f3d376e10feb45d49925bd48abb
SHA-256: dbd01d3eff17a2d77ab7571c7f9729a1c7ccd77d3d602cf3ac8503ee1e20a738
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.005 Visual Basic

The file is an Excel spreadsheet containing a large list of mobile phone models and associated text, presented in a way that suggests a sales or pricing list. The presence of an Auto_Open VBA macro, detected by heuristics, indicates that the document is designed to execute malicious code upon opening. The macro likely serves to further the phishing or scam objective by displaying this content and potentially downloading additional payloads or redirecting the user. The ClamAV detection 'Doc.Macro.Laroux-5893719-0' further confirms its malicious nature. Embedded phone numbers and a QQ ID are present, likely used for communication or as part of the scam.

Heuristics 3

  • ClamAV: Doc.Macro.Laroux-5893719-0 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Doc.Macro.Laroux-5893719-0
  • Auto_Open macro | high | OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected | medium | OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: macros.bas
          e9801bef61dd481a32b4da851c61331e9e6c79fb13eeeca6f8304240cb334267
Kind: vba-macro
Source: oletools.olevba.extract_macros (decoded VBA source)
Size: 1567 bytes