Malicious Office (OLE) / .XLS — malware analysis report

Static analysis result for SHA-256 f782020164bde3df…

MALICIOUS

Office (OLE) / .XLS

64.5 KB
Created: 2021-08-17 12:24:08
Authoring application: Microsoft Excel
MD5: 2002bee5aa918492d89af335e00585f8
SHA-1: a23f28a410ec987976ca724a816716ba8266201f
SHA-256: f782020164bde3dfd59313e239705dd55c511ac8422888a578157a0610c2da02
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1059.005 Visual Basic
  • T1204.002 Malicious File

The sample is an Excel file containing a VBA macro that is automatically executed upon opening (Auto_Open). This macro utilizes the ScriptControl object to execute code embedded within the document's 'Subject' and 'Comments' properties. This technique is commonly used by downloaders to fetch and run additional malicious payloads.

Heuristics 3

  • ClamAV: Xls.Downloader.MirrorBlast-f8f807074fc98734-9955046-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Downloader.MirrorBlast-f8f807074fc98734-9955046-0
  • Auto_Open macro high OLE_VBA_AUTO
    Auto_Open macro
  • VBA macros detected medium OLE_VBA_MACROS
    Document contains VBA macro code

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
macros.bas (0278d22c57457c6ea65486c5e13f4b06bae683e9ef9fa360c905d1932da96848) | vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 862 bytes