Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 319ad11571e4beb0…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: b564ed8e7b67c8ed466912266be7b0a4
SHA-1: 2394f63804ffa02f058eacf8a1461a8fcd2ad4d6
SHA-256: 319ad11571e4beb098bf59dfea05e98e725063f07e0b061eba96430cf263c96e
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper. The file's nature as an Office document strongly suggests it relies on social engineering to trick the user into enabling macros, which would then initiate the payload download and execution.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0