Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 db8e6f162014ac02…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 3b0896642cdd4332dea9d24a05ed723f
SHA-1: b9735c32046ea9bf94b0cf314cba63c8eb175128
SHA-256: db8e6f162014ac0215e3148d936085ee00c38d1a6a1ed5c1769c2f15a6bd72d5
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

Static analysis identified the file as a malicious Excel document. The ClamAV heuristic indicates it is a known dropper, likely Qbot, designed to deliver a secondary payload. No specific IOCs were extracted, but the file's nature suggests it is part of a phishing campaign.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0