Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 7e5ff03841356e80…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: e205c77bb09d27a1cdc7276ce42ae863
SHA-1: 72f8cb41a44ccdd84fbff0533d253d6935bf7919
SHA-256: 7e5ff03841356e80fd907e792435c87936f18542ef0ae6c1ee56166310020580
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file was detected by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its use as a Qbot downloader. Qbot is known for its capabilities in stealing information and facilitating further malware deployment. No specific IOCs were extracted from the static analysis, but the detection signature itself is a high-confidence indicator.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0