Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 1e58c372cca15839…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: b00f11482c76cecaca7cf2f9757b3053
SHA-1: b6c72737fd9da5f437d9b5ab092b339aa51ae1cc
SHA-256: 1e58c372cca15839b357f740a18297b2a0a5bc85874fb0da1acb72c9a29d2d6a
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. The primary attack pattern involves luring the user to open the malicious spreadsheet, which then executes the embedded payload. No scripts or document body were extracted, but the ClamAV detection is highly specific.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0