Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b1cd7b30963b68d1…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 24e9d17bd4c8bc6ffafee1ae07b6b523
SHA-1: 061f07916ef9fde07584c1d5218e2b77f1c9fdcd
SHA-256: b1cd7b30963b68d1a48dff15d9694c812b33e22dd5669e90b044f0a86ef00359
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file was detected by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. Qbot is known for its capabilities as a downloader and its use in phishing campaigns. The primary function of this file is presumed to be the initial stage of infection, leading to the download of additional malicious components.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0