Office (OOXML) / .XLSX malware analysis — malicious · f1aac198e597b0c3

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 039fb6005eb0195c2506a091ca4f817e SHA-1: fac393a36ade881109a13468ec790d5787a3f811 SHA-256: f1aac198e597b0c3a7045c11548f2f85dac043686698e7edb4f48852ccf93140

60 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious Script

The file is identified by ClamAV as a known dropper for Qbot malware. While no specific VBA or script content was extracted, the heuristic strongly suggests the Excel file's purpose is to download and execute a malicious payload. The detection name implies a Qbot-related dropper, indicating a likely infection chain.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.