Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 92e2c5b5fa91fb6c…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: c66fedc00538890857b4e8379af0bc8b
SHA-1: 09f97c94ba802302a229b40571adb2ced538a3d9
SHA-256: 92e2c5b5fa91fb6c2ea849defb7b03eb5e4b3c83869f63ddac681e263e153614
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The primary function of such documents is to exploit vulnerabilities or trick users into enabling macros to download and execute the Qbot malware. The SHA256 hash is included as a primary indicator.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0