Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 47c9571d71b64c54…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 490aa19cd7e95531ec2ee0c33cd6f2ec
SHA-1: b03db46aae8d756c993541bc88358ff9f0050769
SHA-256: 47c9571d71b64c5438143821473e3e734a424aa1a18ddcda4a3623fcd8b785f5
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. The primary attack vector is likely spearphishing, leveraging the malicious Excel document to deliver the initial stage of the infection. The document's purpose is to download and execute a secondary payload, characteristic of Qbot's typical behavior.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0