Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 3c7998797fe88288…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 7c2d66beaaa5d0086ad20e1ea9ddf8fc
SHA-1: f36ee5f6eafcd0478fa6d2f9517402a91033dded
SHA-256: 3c7998797fe8828869429e98d4d1fd76a7228e8d00a599442875910f0e2e7436
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of file typically uses malicious macros or exploits within an Excel document to download and execute the Qbot malware. The primary attack pattern is likely spearphishing attachment, aiming to trick users into opening the malicious file.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0