Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 bb1b4c3f2aeb259d…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 58956e39723eebb13e34500d5d25ac78
SHA-1: 4008174a831a2828cd95d202531489b59ceafc87
SHA-256: bb1b4c3f2aeb259d0ecb9059f6d8473f6664e3b628050f9c997021b2b29a8aab
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file was detected by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot variant. Qbot is known for its dropper functionality, which is used to download and execute additional malware stages. No specific IOCs were extracted from the provided metadata and heuristics.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0