Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 953536e89fae87c7…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 3ef283f7cd7f2bba48ee2b0b0ba1aa52
SHA-1: 0cde8e1f029cb75b3a57c9e765d55f7a8f50837c
SHA-256: 953536e89fae87c7b8db232375d177b379febeeb62653882be3208b8bc2f723b
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file was detected by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. Qbot is known for its capabilities as a downloader and its use in phishing campaigns. The primary function of this file is presumed to be the initial stage of infection, leading to the download of further malicious components.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0