Qbot Office (OOXML) / .XLSX malware analysis — malicious · 339abdfc6bb6324d

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: db1bbc75ab35eab10543f2cc8f61911c SHA-1: 8545005d0a296a76f74a4a4a82d6a0528e698081 SHA-256: 339abdfc6bb6324d5e140478641dc6d048a7011c2f2a7f938e1095d65801b462

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File Execution: Malicious Attachment

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot dropper. The heuristic firing suggests the document's primary purpose is to deliver a Qbot malware payload to the victim's system.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.