Qbot Office (OOXML) / .XLSX malware analysis — malicious · 2f1147f15dde87ad

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: fd1d2d468b5398a5cecd3a0e41895e12 SHA-1: b4eb2e755dbd46be77ab6b1e48f0e5fbfa450673 SHA-256: 2f1147f15dde87add3c7ffbb60adb09ab0ac479ea9812595b5a5d5a5a8698ee0

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as a Qbot document dropper, indicating its primary purpose is to download and execute the Qbot malware. The detection signature 'Xls.Dropper.QbotDocu12020-9818439-0' strongly suggests this functionality. No further details on specific delivery mechanisms or payloads were extracted.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.