Qbot Office (OOXML) / .XLSX malware analysis — malicious · 349550adef97fc1a

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 181fe382bd68148c844e67eb1a1b88bf SHA-1: 50e97143646881175a63c2d20997ede3a1ea0d28 SHA-256: 349550adef97fc1a2f8c8ba11c02d8c7985e015d10b3136036ee50e23c224259

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The heuristic firing suggests the document's primary purpose is to deliver and execute the Qbot malware. No document body or scripts were extracted, but the ClamAV signature is sufficient for attribution.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.