Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 4537f0a1ac2fc663…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 989dff71c1e3fe2d380b1ab2cd2042bf
SHA-1: 095b4d932dd9b9bd070dc65338baa48080b6a823
SHA-256: 4537f0a1ac2fc6631e8f41f2fbb5c910af0a55d8b5a18867253604bc0c6006a0
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper. The Office (OOXML) file type suggests it likely uses social engineering to trick the user into enabling macros. Once enabled, it is expected to download and execute a secondary payload, consistent with Qbot-like behavior.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0