Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b51883b872975678…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: b3c234e25289d3d7cc6a34d3d7121b89
SHA-1: 0fbb10d184c4e22d14f10ebc2f03dccb75f25ab7
SHA-256: b51883b872975678b0387c742b6d4f4322373652083292a23640a2f1997b2293
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The ClamAV heuristic 'Xls.Dropper.QbotDocu12020-9818439-0' strongly indicates this Excel file is a Qbot dropper. Such files are typically used to lure users into enabling macros, which then download and execute the main Qbot malware. No further IOCs were extracted from this sample.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0