Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 4420b46a4b603695…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 3f609d8a62e71a284297c59df4b7c338
SHA-1: 2d474a058115ad0880241cffe5bf9a110e760ee4
SHA-256: 4420b46a4b6036952200ab0724dbed643428b928c5fbaee10818b06b8c04a90f
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating that it is a Qbot dropper. As an Excel document, it likely uses macros or other embedded exploits to download and execute the Qbot malware. Further analysis would be needed to confirm the exact delivery mechanism.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0