Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 9026023edac383c6…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 534f32b733c62e74a6d3b42f0bb7f85b
SHA-1: e0f70309f415845ec3abed69bd390498e5cc77a3
SHA-256: 9026023edac383c6dc100f6edcce5276c4b8f91ed47af3afa7f96680da8c9e0b
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The Excel format suggests it was likely delivered as a spearphishing attachment to lure the user into opening it and triggering the malicious payload. No further details on the specific delivery mechanism or payload are available from the provided evidence.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0