Qbot Office (OOXML) / .XLSX malware analysis — malicious · b923eaa044fb5a85

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: dec80647d697ca25b7156baca3b7213e SHA-1: ba30f509d3843adaed192e8c6a6e456547017daf SHA-256: b923eaa044fb5a85f313b0ba9d920af7b1a885d472df3c4761aed78844090d66

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a dropper for the Qbot malware family. The detection suggests the Excel file is designed to execute malicious code, likely through macros, to download and install further stages of the Qbot infection. This aligns with common spearphishing attachment tactics.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.