Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 9cd2838c1ea823f5…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: d0ea6d19d04dfcbe518eccf57c8f7d27
SHA-1: d78305d5784d8bb9f2f1b1587e6aa1780313cb33
SHA-256: 9cd2838c1ea823f5972e72e98c7302d582af1e9c27b6b8da42ceecfb111609ae
60 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The file is an Excel document identified by ClamAV as a Qbot dropper. Qbot, also known as Qakbot or Pinkslipbot, is a banking trojan and information stealer. The heuristic that fired indicates the file's primary function is to deliver and execute other malware. No specific IOCs were extracted, but the file's nature suggests it is part of a phishing or social engineering campaign.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0