Qbot Office (OOXML) / .XLSX malware analysis — malicious · a06130584d332577

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 02e58cd709f6ea96dfd414a2ef56cab0 SHA-1: 1d98fd4ac22165200aab4f546fa7288d52613aad SHA-256: a06130584d33257747f43b1408dccf92bdf09630298e5bcf67cf57047e7c3ae5

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. The detection name suggests it is an Excel document designed to deliver a malicious payload. Further analysis would be needed to confirm the exact execution method, but the primary function is payload delivery.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.