Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 4b9ac466873e0cf1…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 569bacaa9eb8d598c0cfccc59ec19488
SHA-1: e4b35f1a8559559f8fba01b92293f9406ec41715
SHA-256: 4b9ac466873e0cf196330b8d9b9235190a477b35650906c0cdfbeb6ce9b60586
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The document's purpose is to deliver and execute the Qbot malware. The presence of this specific ClamAV signature provides high confidence in the family attribution and attack pattern.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0