Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 23b3d7f599b2c1ce…

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: c0b1b6708f1b970de6a71ea75feb6b44
SHA-1: 0eff9fd04256aa316bbd8291b534754bfd79edc2
SHA-256: 23b3d7f599b2c1ce86c5cb52b0f73b15aef89b3ea0d913fe56d25d270f36ebe0
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document that ClamAV identifies as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates a Qbot dropper. Its primary function is to deliver and execute the Qbot malware. Detailing the exact execution chain would require further analysis of the document's content and any embedded scripts.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0