Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 1d1a5045bee12ea1…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 305892891b001872daf98ee57f98f744
SHA-1: 13c0e0b89fd2d8f2fa6cdc3df3bb3b46c290d929
SHA-256: 1d1a5045bee12ea1b861ebe60694f2cce9c8e0571e5fd2dc6160dbb4d27405b0
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper for other malware. The primary attack pattern is likely spearphishing, where this malicious Excel file is delivered as an attachment to unsuspecting users. The specific payload and execution method are not detailed in the provided heuristics, but its role as a dropper is clear.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0