Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 98b87dfbc844e8a0…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 7c8b895f5267a9db1dcef99b9714648a
SHA-1: 986552b2f3eb03ebe32523fe6aad1dfdde92dc76
SHA-256: 98b87dfbc844e8a0fe66fc6d3fc3dd7dd6e4f2af6c62dbbf18e28f8e0e89712e
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for Qbot malware. The detection suggests the Excel file is designed to execute malicious code, likely through macros, to download and install further stages of the Qbot infection chain.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0