Qbot Office (OOXML) / .XLSX malware analysis — malicious · a18501eac3a9ce9c

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: e6f2887db09c3af569d1bca0521ca1d1 SHA-1: 88ce245691d0ed1d698d7f2659507039bcc71d0a SHA-256: a18501eac3a9ce9c94d393235ab78dc23feabef64261ee8a85734d0452b834ed

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a dropper for Qbot malware. The detection suggests the Excel file is designed to execute malicious code, likely through macros, to download and install further stages of the Qbot infection chain.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.