Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 5241ecf6fab7fc29…

MALICIOUS

Office (OOXML) / .XLSX

File size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 09a8dc610fa7fac7dfb8d3f7ebc2db2d
SHA-1: d8766e213ef9adc6c1527387458927fab876cdd6
SHA-256: 5241ecf6fab7fc293a11bbe4d6581847de486c43a1c0b38efbe0f9f0e7821be4
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document that ClamAV identifies as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating that it is a Qbot dropper. The primary attack pattern is likely a spearphishing attachment, which aims to trick users into opening the malicious document and executing its payload. No further details on specific IOCs or scripts were extracted.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0