Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 8db9c7dd93dc9af5…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 7e5d06fe70e0c6c087762cb301045ee7
SHA-1: ee648b35b8089bdbdef8faf721bd084aa7c517e2
SHA-256: 8db9c7dd93dc9af58659dad1e3662eb9f1bc37c6e60e372dc8e8cad25a66400f
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates a Qbot dropper. The Office (OOXML) file type and the detection name suggest it is likely delivered as an attachment that aims to execute the Qbot malware. No VBA or scripts were extracted, but the heuristic is sufficient for attribution.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0