Qbot Office (OOXML) / .XLSX malware analysis — malicious · b1406200bfaaa54a

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: efe8817d9fb010212e2de118fad77afe SHA-1: a9f2910bbbdf9a4dd7f8524f8e9538f4a318a687 SHA-256: b1406200bfaaa54ab1ff2793b68fe67645ea307648e1233e1d5d9bdeacc8d770

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot dropper. The primary function of such documents is to execute malicious code, typically via macros, to download and install the Qbot malware. The detection signature itself serves as the main indicator of compromise.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.