Qbot Office (OOXML) / .XLSX malware analysis — malicious · a68558dc37952dad

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: d5f6b7fba856ec1bd7ac1ab40653bc25 SHA-1: 5fd1861d405411daae344cf430779c9a82244f92 SHA-256: a68558dc37952dad5197ba9db6909ea732bdc28d5961d3361ea7810f70b8a062

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its use as a dropper for Qbot malware. The detection suggests the Excel file is designed to execute malicious code, likely through macros, to download and install further stages of the infection. This aligns with common Qbot distribution tactics.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.