Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 1df8918f4e529496…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: b42a7dca95e9d9c92e6a92e3467ed492
SHA-1: 9b2aa457a0a4916cd5168c120e2fb42bf80a1c8a
SHA-256: 1df8918f4e529496f45a1cb4f4a96612c48bde9346bc2c3bca1f41d75b6ef587

Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its function as a Qbot dropper. This type of malware typically aims to download and execute further malicious stages on the victim's system. The detection signature itself serves as the primary indicator of compromise.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0