Qbot Office (OOXML) / .XLSX malware analysis — malicious · 1a9340a407150f4c

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: ff79249ca03ab8a39ed714cae976bd96 SHA-1: 6ccfa03734421e27c6a892490958c9f06a6e2838 SHA-256: 1a9340a407150f4cbe7853885d9795b82c2df94985d3d5c0f8f0be47b5845744

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1105 Ingress Tool Transfer

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of malware typically uses malicious documents to deliver its payload. The primary attack vector is likely spearphishing, leading to the execution of the embedded malicious content.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.