Qbot Office (OOXML) / .XLSX malware analysis — malicious · b251f59ec9a0ff59

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 8f6b2b68b84e7292e1a93ad4f1ceabbf SHA-1: 15dd3266890b00812e4f255299de8688c560cf84 SHA-256: b251f59ec9a0ff5988747d32756116363936f19b2ed75aab6d8d2f828546621e

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0'. This detection strongly suggests the file is a Qbot dropper, a type of malware commonly distributed via malicious Office documents. The primary attack pattern involves tricking the user into opening the document, which then likely executes a malicious payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.