IcedID — Office (OOXML) malware analysis

Static analysis result for SHA-256 f5967bc92b71174f…

MALICIOUS

Office (OOXML)

Size: 150.8 KB
Created: 2015-06-05 18:19:34 UTC
Authoring application: Microsoft Excel 16.0300
MD5: 183bc8a4f4516124ac9239d72cc7827a
SHA-1: 029ba3fed60fcbd8cdcccb80ca7d11b5cc59eec2
SHA-256: f5967bc92b71174f9181d6692b667f610944589cc6c061574c405950bd1b8a75
Risk Score: 68

Malware Insights

IcedID · confidence 95%

MITRE ATT&CK
T1566.001 Spearphishing Attachment

ClamAV detects the file as IcedID, a known banking trojan. Heuristics indicate the presence of hidden worksheets, a common technique for concealing malicious content within Excel files. The document body contains a string that appears to download and execute a payload from the IP addresses it provides, which would likely establish the initial stage of the IcedID infection chain.

Heuristics (2)

  • ClamAV: Xls.Downloader.IcedID-9f1f1d193a2a2a2b-9951463-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Downloader.IcedID-9f1f1d193a2a2a2b-9951463-0
  • Hidden worksheet (hidden) low OOXML_HIDDEN_SHEET
    Excel workbook contains 9 hidden sheet(s) — hidden sheets are commonly used to conceal macro code, staging data, or intermediate payload construction