Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 a9686bca89b4d15d…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 4432a9d8e309cf23c6ab6d8961723d2f
SHA-1: 225046afeb3a8cbbc4bf9971149e0e2dc514c698
SHA-256: a9686bca89b4d15dafc10f9e70d3b3e7c8d609e5109a8cd1052cee5072479157
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a Qbot dropper. The heuristic firing suggests the document is designed to execute malicious code, likely leading to the download and installation of the Qbot malware. The file's metadata and type as an Excel document further support its role as a delivery mechanism for this threat.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0