Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 f955359ed15e82c2…

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: eef5a3bf59efd66bdd72f871e8931cd7
SHA-1: 563cef19a7a1562687798450e8d06dc2a1dfdf76
SHA-256: f955359ed15e82c2a7c3fce111e9758f3f786b898d2caf0f9b1f87accfc61350
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper. The primary attack vector is likely social engineering to convince the user to enable macros, which would then execute malicious code. While no specific script content was extracted, the detection name suggests a Qbot variant, a known banking trojan.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0