Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 94b03310fe31362f…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 6f8a2cdffcd1b3fa2234eaa2106c9a63
SHA-1: 0462c71f51be7fad1c27402820df4ba27f45fc91
SHA-256: 94b03310fe31362f7d38646e28fbe6123ffa47484bb3af0822cb7c0792338dbf
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. Qbot is known for its use in delivering malware payloads through malicious Office documents. The primary function of this file is to act as an initial vector for further infection.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0