Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 b64ad95c268052b2…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 38f7e20a9c0804a6deb9360d336f190b
SHA-1: c1f7269b87d555208c86e6cb28b4276bb0a0ad8d
SHA-256: b64ad95c268052b2c76ff997515456091d12d90bd40382b344f80b9c11f3137b
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
  • T1566.002 Phishing: Spearphishing Attachment
  • T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', a known Qbot variant. This indicates the Excel document likely contains malicious macros or embedded objects intended to download and execute the Qbot malware. The primary attack vector is likely spearphishing, leveraging the document as an attachment.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0