Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 238ea5b02dd8d512…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 05da712615738e59fa3beedf1fda2b40
SHA-1: 1c1173ba7c6f7b3ad0e0aac1b6547548dc623575
SHA-256: 238ea5b02dd8d512dbefdf99454f887e28992de2065d32b80fabae46b85ad442
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
  • T1204 Malicious File Execution
  • T1566 Phishing

The file was detected by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its nature as a dropper for the Qbot malware family. The primary function of such files is to download and execute additional malicious components onto the victim's system. The presence of this specific ClamAV signature is sufficient evidence for this assessment.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0