Qbot Office (OOXML) / .XLSX malware analysis — malicious · a48f97df5a7b2049

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 51c0456f0ae6bcbbdf7bc00248000340 SHA-1: f28714bc734a0c5d28dc9c624c4fd31e941279c2 SHA-256: a48f97df5a7b2049e2f2d79fd1ee05ac997ea97e7b623b0418e1d8db83a5224b

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot dropper. The primary function is to deliver a malicious payload, exploiting common phishing techniques via an attached document. No specific scripts or document body content were extracted for further analysis of the delivery mechanism.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.