Qbot Office (OOXML) / .XLSX malware analysis — malicious · 865932ef9542d855

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 35f66daf3f81c7155d235260df73e6bf SHA-1: b75d68da3224187f51bdaa12781c2c18f4f23c40 SHA-256: 865932ef9542d855c1879797a83c3a7044c2efece226698bfec319d508cdbdcb

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it's a Qbot dropper. The primary attack pattern is likely spearphishing attachment, aiming to trick users into opening the malicious Excel file. The heuristic firing is the main evidence for attribution and attack pattern.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.