Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 f9516958dbbade88…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: ab224c98904b1d319dbc2ec726158e19
SHA-1: e0f2a2f42744adb00f1b2a19cc1170d48807bfe3
SHA-256: f9516958dbbade880a4e59a6b4d3fa3d1678a699682a74dc85b7e548072e82a1
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet flagged by ClamAV as a known dropper. The heuristic indicates it's likely designed to execute malicious code, potentially through macro execution, to download a secondary payload. Given the detection name, it is highly probable that this file is part of a Qbot (also known as Qakbot or Pinkslipbot) distribution campaign.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0