Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 2dad077751be8022…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 6f854a28a3a8f95bc516849f06799aba
SHA-1: 1cc38fd38ae6e6857d4962d45e5173e354125746
SHA-256: 2dad077751be8022f2ecb6a054efde100c56ea5492a31a806e53dddd37c6ee23
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The file is an Excel document that ClamAV detects as Xls.Dropper.QbotDocu12020-9818439-0, a known Qbot variant. This suggests the file is intended to act as a dropper for the Qbot malware. The detection strongly indicates malicious intent, likely involving social engineering to trick the user into opening the attachment.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0