Qbot Office (OOXML) / .XLSX malware analysis — malicious · 9d5974e24f138bba

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: e05ac0ca73d8a6bf13d2085497020617 SHA-1: a204620d781384c886a19911927943b0cf49ce8b SHA-256: 9d5974e24f138bbac7ae5da10394d8748955b09d074a67785484b71a1554e2f6

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot dropper. This type of file typically uses malicious macros or exploits within an Excel document to download and execute the Qbot malware. Further analysis would be needed to confirm the exact delivery mechanism and payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.