Qbot Office (OOXML) / .XLSX malware analysis — malicious · 1d98d1f03838122e

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 280ee5806f706f6d208d6ffc74d544db SHA-1: e9bc722041e8b9c79f995782331ee1f19e20aa5f SHA-256: 1d98d1f03838122e8aade46574797a0c278aaee700570ed50bbecbafcd721f50

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it functions as a dropper for the Qbot malware family. The Excel format indicates it was likely delivered via spearphishing, aiming to trick the user into enabling macros to initiate the download and execution of a malicious payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.