Qbot Office (OOXML) / .XLSX malware analysis — malicious · a657b4de92e8d8aa

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: ddc81dec3a636f8441ac723d8af9f1de SHA-1: f8ca3905991aeda4c52dce5f0b01dbfa9b0ee4e2 SHA-256: a657b4de92e8d8aa493e0abc9e09ff62fff2af69926d71c60037eb01fc25c356

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper disguised as an Excel document. This suggests a phishing attack where the user is tricked into opening the malicious attachment. The primary function is to deliver the Qbot malware.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.