Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 39b96706abacd271…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300
MD5: 0001a8869f21e1c07be6e72c8045abfd SHA-1: ce9bd3791c8c2366b3e63444cf5739e86959afed SHA-256: 39b96706abacd2717dd01ef43044fcbfb484f5c39e344c01d0ccfd4c9f855d9c
60 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

Static analysis identified the file as a malicious Excel document. The CLAMAV_DETECTION heuristic indicates it is a known dropper, likely Qbot, designed to download and execute a secondary payload. No document body or scripts were extracted, limiting further analysis of the specific lure or execution method.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.