Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 8d16d147e9f1528b…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 5a6457dc5046f98b4afbd33057236d8e
SHA-1: a9fb971b7e03f66f0f0e675917f6be558f1f9ee9
SHA-256: 8d16d147e9f1528b82490f1bf0f1a775f5ba212e3d6ea204072cba558b36b25e
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a Qbot dropper. This type of malware is typically delivered via spearphishing attachments and is designed to download and execute further malicious stages. The detection signature itself serves as the primary IOC.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0