Qbot Office (OOXML) / .XLSX malware analysis — malicious · 9765fc38ee97508b

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: f87931388002c4f46631d7996d9c3a64 SHA-1: f0586a5cab56740af4b07bc7c81dbb65adc9a4e5 SHA-256: 9765fc38ee97508bc25e030cb77922ccd867ced7b37c1696e94e8b7ad0e572c5

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a dropper for Qbot malware. The detection suggests the Excel file is designed to execute malicious code, likely through macros, to download and install the Qbot payload. This aligns with common Qbot distribution tactics.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.