Qbot Office (OOXML) / .XLSX malware analysis — malicious · 285bed8e0c9da77c

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 7212ac9137cd9b912d56f1a605dbcf69 SHA-1: d39f6bd485da6419866250c9664ab3a3a950114b SHA-256: 285bed8e0c9da77ced59f5abd3bdd55f2c5e860f92523e56c97d665bd742ec16

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of file typically uses macros to download and execute the main Qbot payload. The heuristic firing directly points to the malware family and its dropper functionality.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.