Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 375769fe934452ad…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300
MD5: 3bc3d191adf3e4dc49930dff9b7b5ffb SHA-1: 21ae12efaf5b883aa6b2ae54b6a7181bb4a7d131 SHA-256: 375769fe934452ad7eabca632c99f72ce19c004f41d75d74e5593e104eb3df3e
60 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: User Execution: Malicious File

The file is identified by ClamAV as a known dropper variant (Xls.Dropper.QbotDocu12020-9818439-0), indicating its primary purpose is to deliver and execute other malware. The file's structure and detection name suggest it is part of a phishing campaign, likely delivered as an attachment to lure users into opening it and triggering the malicious payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.