Qbot Office (OOXML) / .XLSX malware analysis — malicious · 2060d7a4e1403bb8

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: e9445fa153645b39675c5eb0b5ba2428 SHA-1: 3d9c18138d8bc7c0fbe5b13173bc57ae1abd1556 SHA-256: 2060d7a4e1403bb865f9d06a3370b6cc7021dce9211f7e72fce39b0451a0fc14

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', a known Qbot variant. This indicates the Excel document likely contains malicious macros or embedded objects intended to download and execute the Qbot malware. The primary attack vector is likely spearphishing, leveraging the document as an attachment.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.