Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 553849fad1a38e30…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: ca1f511eb75ec6145fa2f1e4e7ad78fe
SHA-1: 65305e7825d3b5bf0184b6cca3d14c6e2dd2e17b
SHA-256: 553849fad1a38e30354827d343d40c826af6888f0d3cf79e54c4162fd0c654a5
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper. While no specific VBA or script content was extracted, the detection name suggests it likely attempts to download and execute a secondary payload, a common tactic for Qbot-related malware. The file's nature as an Excel document strongly implies a phishing or social engineering vector to trick users into enabling macros.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0