Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 ed920584043c7dcd…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 15c1e7e7d12ac3e253e7084f2e532853
SHA-1: 3fbc24e8c59beddaf5adb17c2d7df8b64776758a
SHA-256: ed920584043c7dcd5b84555e2ec80fec85d4d62eb01aee2fadc903074b45401b
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper. The primary attack vector is likely social engineering to convince the user to enable macros, which would then execute the malicious payload. No specific secondary payload or C2 infrastructure was identified in the provided static analysis.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0