Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 1aca83a1d3e8c737…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: e0a42b1da93e651e9250dd3d0c20a1d8
SHA-1: 9d8eb4523fe195c8164467ee7f3203cf6f9fa1db
SHA-256: 1aca83a1d3e8c7376f26f86f488c8b265692253f83c95d44ff02af2d449694d5
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document flagged by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper. The presence of macro-related heuristics suggests it likely attempts to execute malicious code upon enabling macros, a common tactic for Qbot or similar malware families. The primary attack vector is likely spearphishing, with the document serving as an attachment to trick the user into running the embedded macro.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0