Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 8d3f01d4e9bf9c5f…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 7b4bb7c7e45f9a79677ea4064021f35f
SHA-1: da9a807d10d17b101889ebcf36bef95558ada402
SHA-256: 8d3f01d4e9bf9c5f79bcba1735a5a69b80517a58b128dc697aee0dba3242d9d7
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates a Qbot dropper. The detection name suggests an Excel (Xls) file used to drop malware. The primary attack pattern is to lure the user into opening the malicious spreadsheet, which then executes the embedded payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0