Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 845e3368a14976e2…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 8999651e1dbb617dda638c860b44b4f1
SHA-1: 7e8163f50534d2fcf6e9af06d68712a6d7537af4
SHA-256: 845e3368a14976e21ccb73eb66096768f91eded32b0c05439d21ba53d94d7f89
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1204 Malicious File Execution
  • T1566 Phishing

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its nature as a dropper for the Qbot malware family. The primary function of such files is to facilitate the initial execution of malware, often through social engineering tactics within the document itself, leading to the download and execution of further malicious components.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0