Malicious Office (OOXML) / .XLSX — malware analysis report

Static analysis result for SHA-256 faa1fb6b4032689a…

MALICIOUS

Office (OOXML) / .XLSX

File size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: f810a2f540c94e12cd878eaefc1777f4
SHA-1: 82dddbc3d24739f1d9b3d1cee4af9fe7f8467e15
SHA-256: faa1fb6b4032689ac1990f6a1a4b1995fb6e44c644c391dbd680ef7711f69fcc
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper. The detection name suggests it is likely part of the Qbot malware family, designed to download and execute further malicious content. No VBA or scripts were extracted, but the dropper nature implies macro execution is intended to fetch a payload.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0