Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 e68682c20909435b…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 12ce6e6c0ec041518c1bf9b35658a1e9
SHA-1: a9f2a337fcd96b19eff26566a50fc1b97c958dab
SHA-256: e68682c20909435b22f598f5ae2ffc35861edac273e3b35df0fd3a0f8399a291
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot (also known as Qakbot) banking trojan. As an Excel file, it likely uses social engineering to trick the user into enabling macros, which would then execute malicious code to download and run the final payload. The lack of VBA or script content in the provided evidence means the exact execution mechanism cannot be detailed, but the dropper nature is clear.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0