Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 582a19c965c98465…

MALICIOUS

Office (OOXML) / .XLSX

  • Size: 21.4 KB
  • Created: 2006-09-16 00:00:00 UTC
  • Authoring application: Microsoft Excel 14.0300
  • MD5: b95a21d935fac95813302d1c27a9b515
  • SHA-1: b642b2e7bce3d48763674b28d167e0eb1f6fa89d
  • SHA-256: 582a19c965c98465c2ed9fcb3309edbe17b84cd75c97cbde6d5533308f52d5cc
  • Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. Such documents typically employ social engineering to trick users into enabling macros, which then download and execute the Qbot malware. The high confidence is based on the specific ClamAV detection name.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0