Qbot Office (OOXML) / .XLSX malware analysis — malicious · a5c1f15009730e3b

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: dcabb320c40e5d9f06ed03659163a819 SHA-1: ace898b812ea38f64bcf16a9df04b2806328f5ee SHA-256: a5c1f15009730e3b64c60323948e5d0b1e1193cec9b69b8a1a1b128d8851742c

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', a known Qbot variant. This indicates the Excel document likely contains malicious macros or embedded objects intended to download and execute the Qbot malware. The primary attack vector is likely spearphishing, leveraging the document as an attachment.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.