Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 545a61f51a9542dc…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: a1a64a9b073a39a2cde24d82e43aeb8f
SHA-1: 41cc3a72b9533963a08661998e1f6b8a1689d09c
SHA-256: 545a61f51a9542dc016740c26645810845d63e35da1fecfb56069257ea8934e9
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File: Malicious File

ClamAV identifies the file as a Qbot dropper, meaning its purpose is to deliver the Qbot malware. The heuristic that fired attributes the file directly to this family and to its dropper functionality. Because the file is an Excel document, it was likely delivered via a phishing campaign.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0