Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 889a90fc21713612…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: b33d711b756cdf9c89eae4d3e7d7546a
SHA-1: 3aef230abef5cb55ba0358685dce9a4369425c38
SHA-256: 889a90fc21713612f054e92eba146fb33d400cfb30ad163383270fccd9d9b169
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet that ClamAV identifies as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates a Qbot dropper. The primary attack pattern is delivery of the Qbot malware to the victim through this malicious document. No further details on execution and no specific IOCs were extracted from this sample.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0