Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 56b97f1f51f0ffff…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 4c49b2775d3950b86208cf2bcc3c9c8e
SHA-1: 61e67209c0fbdc324f6e8e16ea011ca35ef6da08
SHA-256: 56b97f1f51f0ffff7552a54157981816d8c19f192b6e4a9190bfb014b0bf4061
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, indicating it functions as a dropper. The primary attack vector is likely social engineering to convince the user to enable macros, which would then execute malicious code. Without VBA or script content, the exact payload delivery mechanism cannot be determined, but the dropper nature suggests it downloads and executes a secondary stage.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0