Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 280198bbdf18ef5c…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 8bdc1ba2d676279fe2b58303bd8e95c5
SHA-1: 1ea9cc1701ae2a378ed3a7342a7e6220467ff21d
SHA-256: 280198bbdf18ef5c9a17c48f9b8399afb4b4fd578bf1c9fc63b164a226360401
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document that ClamAV identifies as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating that it functions as a dropper. The macro-related heuristics suggest it likely relies on the user's trust to get macros enabled, which would then execute malicious code and potentially download further stages of malware. No specific scripts or URLs were extracted, which limits further analysis of the payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0