Qbot Office (OOXML) / .XLSX malware analysis — malicious · 8a8d0f28d2cb9d0c

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 3b93a487502067ac50a161c571cc2747 SHA-1: 19d3b3f21bd1bc9875cc2550d8ec0e3c0f3f58b2 SHA-256: 8a8d0f28d2cb9d0c5369d8a8a65e420b59e6e530677b06abda628c145e97618f

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The primary attack pattern is likely spearphishing attachment, aiming to trick users into opening the malicious Excel file. The detection signature itself serves as the highest priority IOC.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.