Office (OOXML) / .XLSX malware analysis — malicious · 7e8c29a55c023ebe

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 9f27de6c0828c2905a19fa2293e275ca SHA-1: 8bcaf9fd55bfcfa8dedfb870c2ab2c98946c03f5 SHA-256: 7e8c29a55c023ebee6af10f616ac63743604f6f749099e4b2084a51935dee24d

60 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment

The file is an Excel document flagged by ClamAV as a Qbot dropper. While no specific malicious content like VBA or embedded scripts was extracted, the detection signature suggests it functions as a downloader for further malicious activity, likely Qbot malware. The primary attack pattern is therefore delivering a malicious payload via a document attachment.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.