Qbot Office (OOXML) / .XLSX malware analysis — malicious · 2054afb4865d63d0

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 6cf7b3d110fba0b1f9fb70ccc467c71d SHA-1: 89d04fa57783fb22e744d9a67e87c1e92af90aed SHA-256: 2054afb4865d63d0c09b4a6664ecdd4e2eef64c59b99dee58d572e7b1e8ae1a9

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant. Dropper malware typically functions as a downloader for additional malicious payloads. The presence of this specific ClamAV signature indicates a high likelihood of malicious intent, likely involving the execution of further stages.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.