Qbot Office (OOXML) / .XLSX malware analysis — malicious · a1af425ca285f85b

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 4b64837660136ad33b52a8222e35ee1e SHA-1: 01c3028598b3fe4bcc68594b61f3923476179e91 SHA-256: a1af425ca285f85b118182c2c04681c8b1f73b549523cf03b64dbe488a293706

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as a Qbot dropper, indicating its primary function is to deliver the Qbot malware. The detection name 'Xls.Dropper.QbotDocu12020-9818439-0' strongly suggests the malware family and its dropper functionality within an Excel file. This points to a phishing attack where the user is tricked into opening the malicious attachment.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.