Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 a2b42c88a9218c50…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 164b9fccc78034e2a084006f302e60e6
SHA-1: 724833726c4d8d8ac666a0ead1176827255a677b
SHA-256: a2b42c88a9218c501e19d469a8463128594938d292599671059f1fbd8e9f2719
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper for malicious content. While no specific scripts or document body text were provided for analysis, the detection signature strongly suggests the Excel file's primary purpose is to download and execute a secondary payload, likely Qbot malware. The SHA-256 hash is included as a primary indicator.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0