Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 1ec4709f23513f0a…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 3d804afcc6aa70ef201f076f366e9c67
SHA-1: d06519f41e93f5620538ed237c5f97ece2bde1f8
SHA-256: 1ec4709f23513f0a4c3502baae318426362b836dafe3ce0792e21c32ff7818de
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document flagged by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The primary attack pattern is likely spearphishing attachment, aiming to trick users into opening the malicious document and executing the embedded payload. No further details on specific IOCs or scripts were extracted.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0