Qbot Office (OOXML) / .XLSX malware analysis — malicious · 4f43fa70d2217033

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 5645460aad91db06f359dede5c2c6219 SHA-1: 5bd743a60863a64fe0027cffc9bbe88be7338217 SHA-256: 4f43fa70d2217033c4741b2d2bb9daac69805d43636afc424b9263bbfa357afe

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of file typically uses malicious macros or exploits within an Excel document to download and execute the Qbot malware. The primary attack pattern is likely spearphishing attachment, aiming to trick users into opening the malicious file.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.