Qbot Office (OOXML) / .XLSX malware analysis — malicious · b0aa9cc8700990b8

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 0db8e4a9f866ca5e8a977c8481d574cb SHA-1: 24819e74fbb359160f123e63484c2f49f71899f7 SHA-256: b0aa9cc8700990b832db34e9f565eb02f59a4d688bfb7d927ff2ab45fba0165a

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for the Qbot malware family. The primary attack pattern involves luring the user into opening a malicious Excel file, which then executes a payload. While no specific scripts or document body were provided, the ClamAV signature is sufficient for attribution and understanding the attack vector.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.