Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 8d7484898418ca20…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: f89559edbd2dd09551781eb1499cdb30
SHA-1: 977b80f7a62f026d6b5b694025d1648f3effbed8
SHA-256: 8d7484898418ca202d897a66862f7195c222c34ee740c484d7987fea9f376505
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper. The primary attack vector is likely social engineering to convince the user to enable macros, which would then execute malicious code. Without further script or body content, the exact payload and delivery mechanism remain unknown, but the heuristic strongly suggests a Qbot variant.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0