Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 aa19107ce880c6e7…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 5bebff333749fa8b34dcbe66242e13aa
SHA-1: be88f9165ae4b3bb78d02b58690a6d13a9d9ee36
SHA-256: aa19107ce880c6e7cb4f600f5445610f682aec5406ed05611a9b49d2be9997b3
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The critical heuristic firing from ClamAV indicates this Excel file is a known dropper, likely Qbot. The file's structure as an OOXML XLSX document suggests it relies on macro execution to initiate its malicious activity. The primary goal is to download and execute a secondary payload, typical of Qbot's infection chains.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0