Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 9cd4e8a115a32ef1…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 29410e5359f37254de493503a2e8d5b6
SHA-1: de4e2f50d1f81cef27f59fa1848ceb31f90fb318
SHA-256: 9cd4e8a115a32ef1df3bf9fd9eac207869986b2816dbe9e93b2e7e8c5b3b2532
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper. The primary attack vector is likely social engineering to convince the user to enable macros, which would then execute the malicious payload. No specific scripts or URLs were extracted, but the detection name suggests a Qbot variant.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0