Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 57c6ad671c3635fc…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 64e1bc342e06753548c0c864a28c7fe2
SHA-1: b1e787e2293542857f978bfa772a7140740522ba
SHA-256: 57c6ad671c3635fc60f672a04bc1b45e253214b98a6baef6880ca9cd9508be3f
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', a known indicator for Qbot droppers. This suggests the primary function of this XLSX file is to serve as an initial vector for delivering and executing Qbot malware. No document body or scripts were extracted, so this assessment rests on the ClamAV signature match, which is highly indicative of Qbot's typical delivery behavior.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0