Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 44b51daf162b1898…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 2f99cc6ff71dad29f12494238bfd13ba
SHA-1: 1d20f9126daedae5951d05c752824da6880cf1f5
SHA-256: 44b51daf162b189813000b2e5eabf0e6b933650333fd59109c122168df25467c
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. Qbot is known for its capabilities in stealing financial information and facilitating further network compromise. The detection suggests the file is designed to execute malicious code upon opening.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0