Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 a8ce6b29fa2bb210…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 2c4c06176fbb810423ad8b2f3d50e7c0
SHA-1: 9d80e8be8b07c59dbd01ab5a740455026bc5f3a3
SHA-256: a8ce6b29fa2bb210f3ab59d563e166b8aa9167e6523b2317345eef89ca4445d7
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant. The primary function of such documents is typically to execute malicious macros that download and run further stages of the malware. No specific IOCs were extracted from this sample beyond the detection name.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0