Qbot Office (OOXML) / .XLSX malware analysis — malicious · 2fc36c82d776879a

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 48dc959a0f4324b9951eb23a723b09b6 SHA-1: 8db59de8ac9b5100d520a10ccdfe0c75a5912ea3 SHA-256: 2fc36c82d776879a75087125deca3c23ba2c20b4843959a3f4b0c59d5c8373b0

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. The primary attack vector is likely spearphishing, leveraging the malicious Excel document to deliver the initial stage of the infection. Further analysis would be required to determine the exact execution chain and network indicators.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.