Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 987c0f0c098dc0e9…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 4b29c5c48bc4b00ce6ebfafc3564956a
SHA-1: 18f21433a44b54a0fa7b70e6b71ac85bcd918032
SHA-256: 987c0f0c098dc0e93c8aa14f3875f27c014675a1f94d913d0bfb2dfe58b11010
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0'. This heuristic strongly suggests the file is a Qbot dropper, a type of malware commonly delivered via malicious Office documents. The primary attack pattern is likely spearphishing attachment, aiming to trick users into opening the document and triggering the malicious payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0