Qbot Office (OOXML) / .XLSX malware analysis — malicious · af7e14b54e6048a3

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: f28dd2c67c775af13405b8c917b2bfbb SHA-1: 14489b2b0b3707db2598e9d7b9e4de0ff5105849 SHA-256: af7e14b54e6048a3a053644fcea7670ca5f11f99c18ddfdc96840f4f9f66885e

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. As an Excel document, it likely uses macro execution to download and execute the Qbot payload, fitting the spearphishing attachment tactic.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.