Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 b323173d8cc4bef1…

MALICIOUS

Office (OOXML) / .XLSX

File size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 0bb8b560bdf71919a00ea6ff38b6e58a
SHA-1: c3eebc7ca5c82d1a1d0251b059807ec9225f4b4b
SHA-256: b323173d8cc4bef1e308cae1128e404e11b907584458e28c4476a29cf01715fb
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper. The primary attack vector is likely social engineering to trick the user into enabling macros, which would then execute malicious code. No specific scripts or document body content were extracted, but the dropper nature suggests it downloads and executes a further stage.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0