Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 520d86996f32a708…

MALICIOUS

Office (OOXML) / .XLSX

File size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 7f6bb56f6cc1065689264a2541db1756
SHA-1: 1df77b923ee0feda0d242fa89b0a20c1b388133e
SHA-256: 520d86996f32a708852243a70d5e94b3962ca63bcea69a4b77cf58865a173918
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The critical ClamAV heuristic explicitly identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a Qbot dropper. This type of file is typically used to deliver and execute further stages of the Qbot malware. The file's metadata suggests it is an older Excel document, potentially leveraging an exploit or social engineering to achieve initial execution.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0