Qbot Office (OOXML) / .XLSX malware analysis — malicious · 2b45b8427d921b41

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 4ec8ebb33c5db1e7d94df5e3bd16b0b9 SHA-1: c6d95d7456e6480fa0a60173e1976efbe86b7d29 SHA-256: 2b45b8427d921b4135357e91d4d916b52bfcf07f7eba6cbb472204e23ad876e4

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The critical ClamAV heuristic firing, 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggests this Excel file functions as a dropper for the Qbot malware family. The file's metadata indicates it is an older Excel document, potentially used for initial access. Further analysis would be required to determine the exact delivery mechanism and payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.