Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 488d17861760e1b7…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: ee60271adaca2d1e01bf9fe3c9a07f18
SHA-1: 02ed0a10a291270bf1984bc09dba42e09ec56d65
SHA-256: 488d17861760e1b7e1a1353dd4b5739895dbd088b1620f9a3ffdc76c205da11a
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating that it is a Qbot dropper. The heuristic that fired suggests the document is designed to execute malicious code, likely through embedded macros, to download and run the Qbot malware. The file's metadata indicates it is an older Excel document, but its malicious nature is confirmed by the signature.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0