Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 ba208605ac6a5979…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 87a414bb541a60d1fd725398fd485321
SHA-1: ebae169446c2967185e2ad5ce2a96d78080e48d7
SHA-256: ba208605ac6a5979bb91c5ab340498b0dc011f6bff888f154a2f8bca40f28769
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The file is an Excel document identified by ClamAV as a Qbot dropper. Qbot, also known as Qakbot or Pinkslipbot, is a banking trojan and information stealer. The heuristic firing indicates the file's primary purpose is to deliver other malware. Without further analysis of embedded scripts or macros, the exact delivery mechanism and payload remain unknown.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0