Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 279be44a2778dc45…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 1b5a85f9c1c8d33bd42850300f44aa72
SHA-1: 79b3bc70df96fd5540dd0c3c4aff083df519bc13
SHA-256: 279be44a2778dc454e43e0a8876f7884e41181b31ab09d9d2fcb93d51621dc07
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a Qbot downloader. This type of file typically lures users into opening it, often via email attachments, to initiate the download of the main Qbot malware. The primary function is to deliver the next stage of the infection.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0