Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 9c81f89af916edaf…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 9f70819d991d21020a488cfad666b4b9
SHA-1: b339a1cb3a07dd538beec5a8a4118c1c6f049c0c
SHA-256: 9c81f89af916edafe1d1ccfe26fd3a0ca06501af70ea0e2ab234ad88e8a08c1f
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its function as a dropper for other malware. The detection name suggests it is part of the Qbot family, though direct script analysis is unavailable to confirm specific behaviors. Its primary purpose is to deliver and execute a malicious payload.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0