Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 eec811359c03ed32…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300
MD5: dc93910bb3471ac27504ab7ec7cb25ea SHA-1: e4486283f73ba02877bd4441e8769b4e30436a87 SHA-256: eec811359c03ed3226fd5334fe685ace42403398cef72e740b20e114338089c3
60 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment T1105 Ingress Tool Transfer

The file is an Excel macro-enabled spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0'. This heuristic strongly suggests the file's purpose is to act as a dropper, likely downloading and executing a secondary malicious payload. The presence of macros in an Excel file, combined with the dropper classification, points to a common attack pattern involving spearphishing attachments.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.