Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b47e625327311396…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 9c4f43f980ff7ddf3e4c1e66a72e55f6
SHA-1: 69c9314409f07e7e27064399bdf4bf8c975ad1af
SHA-256: b47e625327311396aa6e4a992bbfab5a5c016ccbc4fa6e4fafca094001481fe3
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it functions as a dropper for Qbot malware. The detection suggests the Excel file is designed to execute malicious code, likely through macros, to download and install further stages of the Qbot infection chain.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0