Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 aa57b687a7f97b11…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 194cbfefce65cff999a5dcc392461fee
SHA-1: 989d01178800f6624b851c2b09b11d6ba1788f3c
SHA-256: aa57b687a7f97b11d7b45a4faeebce39595545bb8d2360c292fb349f514c89b0
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. Qbot is known for its capabilities in stealing financial information and facilitating further network compromise. The document's purpose is to initiate the download and execution of the Qbot malware.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0