Office (OOXML) / .XLSX malware analysis — malicious · de1122b17dd3ed55

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 8a01a4e82d2c573ab174a5afbb8093c0 SHA-1: e7fc2c3ff2ac4673f5d3109e24bea5dcad087d85 SHA-256: de1122b17dd3ed557e33eaea769bdb5f05d7dede99ae4e6a04ac20a25514ed46

60 Risk Score

Malware Insights

MITRE ATT&CK

T1204 Malicious File Execution

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper for other malware. While no specific payload or download URL was extracted, the detection signature suggests a Qbot variant, commonly used for financial fraud and information theft. The primary function appears to be the initial execution of a malicious payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.