Office (OOXML) / .XLSX malware analysis — malicious · 2c7d7d78149f6d45

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: b6670e7f5059b6f3f96bea1e52d073e2 SHA-1: 79b833348385fd9ae00dcf4ecce4b66addaee751 SHA-256: 2c7d7d78149f6d4555009017c17f30031def44895f03ed25226f358990dbb96f

60 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as a dropper. The heuristic indicates it is likely designed to exploit macro execution to download and run a secondary payload. Given the detection name, it is probable that this file is part of a Qbot (also known as Qakbot or Pinkslipbot) distribution campaign.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.