Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 8935c5efb72afe8f…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 63211cd2708c93d32cc1137d46dd10f9
SHA-1: 224e7fe19ac0985c99bdb8d116e3cdcefd9d35fe
SHA-256: 8935c5efb72afe8fdd54da80cdd48193561db286a83e89c2f160324d7b61e4e9
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The primary heuristic that fired indicates this is a Qbot-related dropper document. Qbot, also known as Qakbot or Pinkslipbot, is a banking trojan and information stealer. No specific payload or C2 infrastructure was extracted, but the detection signature suggests Qbot's typical behavior of downloading and executing a secondary malicious payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0