Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 9acc98c635cd73fc…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: d915ad55b45ff1a645121f55eb8cba4b
SHA-1: d46efa5b4de9a0191d9029b1bb8e4def83d97976
SHA-256: 9acc98c635cd73fcec896cf79757be508bdaea2fe6372077fd171060f6076763
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a dropper for Qbot malware. The detection suggests the Excel file is designed to execute malicious code, likely to download and install further stages of the Qbot infection chain. The presence of this specific ClamAV signature provides high confidence in the attack pattern and family attribution.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0