Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 e22921303791f180…

MALICIOUS

Office (OLE) / .XLS

4.93 MB Created: 2008-08-27 13:16:27 Authoring application: Microsoft Excel First seen: 2022-02-16
MD5: 216fbd95c2ab96dcc6bf44255397609d SHA-1: 58035d765122f0806f8196ec90560e5db2e50d6a SHA-256: e22921303791f1805495962c8089b0e04897ed69507122b591aacf300425a71f
60 Risk Score

Malware Insights

MITRE ATT&CK
T1059.005 Visual Basic

The file is an Excel spreadsheet containing VBA macros, specifically an Auto_Open macro, which is a common technique for executing malicious code upon opening. The macro prompts the user for a client code and password, suggesting a credential harvesting or social engineering attack. The macro code is partially truncated, limiting further analysis of its exact functionality, but the initial prompts are clear indicators of malicious intent.

Heuristics 2

  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
macros.bas
8c7cf74390553c280742ffd30690999c3a5f6a632bc9c2d09a97169ff142ba5e		 vba-macro oletools.olevba.extract_macros (decoded VBA source) 6023 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.