Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 cf2f936bf780fc22…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300
MD5: a4368ad340cea6504a131aaa6af1307f SHA-1: d193759ddbb4bedb0c9b50fbba5a4c8554bc53f7 SHA-256: cf2f936bf780fc228228ff185794ef940c770cba03e71f353350c7b43b7c6bbb
60 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper for malicious content within an Excel document. The presence of macro-related heuristics suggests the primary attack vector involves tricking the user into enabling macros to initiate the download and execution of a further stage malware. No specific document body or script content was provided for further analysis.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.