Qbot Office (OOXML) / .XLSX malware analysis — malicious · 9faa873957804d31

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: e8642324cdd55959a1a59833e9ba6260 SHA-1: 5000d559deca31a03a82390c8682b6fc8cabd030 SHA-256: 9faa873957804d3138efa0a4557468629ff8203196b3ef2f8af06e768214c6d6

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The primary function of such documents is to trick users into enabling macros, which then execute to download and install the Qbot malware. No further IOCs were extracted from this sample.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.