Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 98845358be553ab6…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 7bcaa1a506ddd96c80df1b1a54b32b60
SHA-1: 2195be0d955886a50781a7348b042f1f3e881840
SHA-256: 98845358be553ab662896a90fe9e075272889038f3afbdd31bdcda1c61dbd0f5
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document that ClamAV flags as Xls.Dropper.QbotDocu12020-9818439-0, which strongly indicates it is part of a Qbot (also known as Qakbot) distribution. Qbot is known to be delivered via malicious Office documents, often using social engineering to trick users into enabling macros, which then download and execute the main payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0