Qbot Office (OOXML) / .XLSX malware analysis — malicious · 2c2ef64df242e22b

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 4aca11373ca821a47a5805a80145c626 SHA-1: 15535c5a20bbf3708255610802122102f8a5e7b5 SHA-256: 2c2ef64df242e22b440ee0675eaee5bd4f0efb734278b868c0c2c1a221a56405

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper disguised as an Excel document. This suggests the primary attack pattern is likely spearphishing, aiming to trick users into opening the malicious attachment and initiating the Qbot infection chain.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.