Qbot Office (OOXML) / .XLSX malware analysis — malicious · a004f519fb5ffe81

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: b948beded55a7d9c5a134f127985b01b SHA-1: 8fa293506cd7613c5472d5b8ff376ea4661ffd17 SHA-256: a004f519fb5ffe814dade459f7a0c44645488e524bd0bbe3bf7a6e353d77646f

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a dropper for Qbot malware. The detection suggests the Excel file is designed to execute malicious code, likely through macros, to download and install further stages of the Qbot infection chain.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.