Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 b76d2b8010e56615…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 1ba034c013d32adf8d1ad260719c39db
SHA-1: b9f81e13fa6a38490f808d701091f9c10e48cda8
SHA-256: b76d2b8010e56615d895ffea4a8ecb6152202dd1f9418944c92b6f3e641298ec
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as a Qbot dropper. This suggests it is designed to deliver the Qbot banking trojan. The primary attack vector is likely social engineering to convince the user to enable macros, which would then execute the malicious payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0