Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 1ba2c3aab5f152d3…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 78be375f8c41cd716778c70cd4f4173a
SHA-1: 5da95161405971d1b5d8a57ec429efd39e45df72
SHA-256: 1ba2c3aab5f152d3f6baeea7f04577ba1627d5fe187c822b4fc7859b2e6fdd8c
Risk Score: 60

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot dropper. As an Excel file, it likely uses macro execution or exploits to download and execute the Qbot malware. Further analysis would be needed to confirm the exact delivery mechanism and payload.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0