Office (OLE) / .XLS malware analysis — malicious · e0bf46e0291be5b6

MALICIOUS

Office (OLE) / .XLS

953.0 KB Created: 2021-09-23 20:43:06 Authoring application: Microsoft Macintosh Excel First seen: 2022-11-10

MD5: ac93e9da5ef5498cac69d076d135b93b SHA-1: f0e247c020c32a9723ef5239613378d7324e32fd SHA-256: e0bf46e0291be5b698ba9eb5a6cc1de81c59974132187b5eefe453ee776be3bb

82 Risk Score

Malware Insights

MITRE ATT&CK

T1204 Malicious Link T1204.001 Malicious Link: Malicious Link

The critical ClamAV heuristic identifies the file as a downloader. The VBA macro contains code that programmatically adds a hyperlink to a shape on the sheet and then attempts to follow it. This hyperlink leads to the URL https://www.myonlinetraininghub.com/excel-hyperlink-buttons, suggesting a social engineering lure to redirect the user to a potentially malicious website.

Heuristics 3

ClamAV: Xls.Downloader.be3e9999e42690c3-9978797-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Downloader.be3e9999e42690c3-9978797-0
VBA macros detected medium OLE_VBA_MACROS

Document contains VBA macro code
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://www.myonlinetraininghub.com/excel-hyperlink-buttons

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`macros.bas` `0dd46f15b87ac5d4fbb01f4ac5a60c4991dadeda79ec90ba5d029ff9fcf22da9`	vba-macro	oletools.olevba.extract_macros (decoded VBA source)	1422 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.