Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 43301d6ad037cc64…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 4cd81d96feeed0309b7e277816c2ce22
SHA-1: 06dba796b41abb2be643727b9113a71eb3a0450e
SHA-256: 43301d6ad037cc641595c5fd57836b064711c95ae34a31d0ce6b27d8cd79f5ba
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The file type is an Excel document, commonly used for delivering malware via macro execution or exploits. The heuristic firing suggests the primary function is to download and execute a secondary payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0