Qbot Office (OOXML) / .XLSX malware analysis — malicious · 542525095f212017

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: c49f70dcb659df133b40cb7e0fd54a79 SHA-1: e9f08c5b78a0df3a7c964f313e0510adf98d0ace SHA-256: 542525095f212017a130ee6205ea9a798f913b50cbacc43ea0817979e3d279fd

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file was detected by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly suggests it is a Qbot variant designed to drop a secondary payload. The file type is an Excel spreadsheet, a common delivery mechanism for macro-based malware. The presence of Qbot indicators points towards a phishing or social engineering attack vector.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.