Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 a22e96a643c1b4a6…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 951ea0a619851a5c7582adad6efff3b0
SHA-1: f47e7db2b5fcf5014fcd30716a7981e3843ba1a2
SHA-256: a22e96a643c1b4a66918dd40d3268c21fe589eb6eef6ff3001bd6b80cb7102f8
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for Qbot malware. The detection suggests the Excel file is designed to execute malicious code, likely through macros, to download and install further stages of the Qbot infection chain.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0