Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 da7eefe688dfa8c6…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: a020cd24bcfdd733e0a292777f244581
SHA-1: c7ab0752da8b798df15fec530f444ef0c16f91a8
SHA-256: da7eefe688dfa8c6ec0e5af54f03f0d14d0374cf4557a623bbb7140ce622599d
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The file is identified by ClamAV as a dropper, specifically 'Xls.Dropper.QbotDocu12020-9818439-0'. This suggests its primary function is to deliver other malware. As no document body or scripts were extracted, the exact delivery mechanism and payload remain unknown, but the dropper nature implies a multi-stage attack.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0