Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 9f1bb4a0315d0f9b…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: e5f6134dae757d5c2700258c1a33decf
SHA-1: c79c3d4edac9529578ab7cb5e41f1b4b7b75a6b7
SHA-256: 9f1bb4a0315d0f9b4da3148af99f194d638ba3d204bc715c10c6d62b05af12f1
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of file typically uses malicious macros or exploits within an Excel document to download and execute the Qbot malware. Further analysis would be needed to confirm the exact delivery mechanism and payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0