Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 a85408b4708c455b…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 9de744b2d2e085bf39373b9a311bcc20
SHA-1: 42f0da322f91216bdd8fe79bb80dc87b20b91146
SHA-256: a85408b4708c455b07d248f4d0db77b4df5060d6d1aa71faf06adb98ca4e984d
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document with a critical ClamAV detection identifying it as a Qbot dropper. This suggests the document is designed to download and execute the Qbot malware. The specific variant name 'Xls.Dropper.QbotDocu12020-9818439-0' strongly indicates its purpose and family.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0