Qbot Office (OOXML) / .XLSX malware analysis — malicious · 415531315cab0cef

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 793673b14b9d4e96a0d4eaee8148da6f SHA-1: eb596686ec87765687466b9256f96d98d8a3bd0c SHA-256: 415531315cab0cef7b688cebe0f15abf1ffa630a57c6c951b4d6a43c21c95be2

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The primary attack pattern is likely spearphishing, where the user is tricked into opening the malicious attachment. Further analysis would be needed to confirm the exact delivery mechanism and payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.