Qbot Office (OOXML) / .XLSX malware analysis — malicious · 2bf0158da529e85a

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 23a859eb20980d37b3f4e34133a83319 SHA-1: a5436376fd78f44e9c77173de328cd89be5a6516 SHA-256: 2bf0158da529e85a563cb519e2ccf2e0909c7264f35ab411599f73f71bc96972

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified as a malicious Excel document by ClamAV with the signature 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating a Qbot variant. The document's purpose is to act as a dropper for this malware. No specific IOCs like URLs or hashes were extracted from the provided metadata and heuristics.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.