Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 904a50844b963cb0…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: f03ec2c394d4ff558ff229f48947079d
SHA-1: 4a74b56b75bc9484653d09c4b2fed2c4f0987764
SHA-256: 904a50844b963cb0a3ffcf7dd9ad02288eb40c119b7d20b3d3426e5dc1daaac4
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly suggests it is a Qbot dropper. As an Excel document, it was likely delivered via spearphishing, with the aim of tricking the user into enabling macros or interacting with the content so that the Qbot malware is downloaded and executed.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0