Qbot Office (OOXML) / .XLSX malware analysis — malicious · bc198829b12a016d

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 4db34c6d5b73170d59eb373942003b77 SHA-1: e0fb26ef3ed8c08a17f1767bfe223cf9b4b8738e SHA-256: bc198829b12a016de49fa5f66796687cbadd56cb1cc822583470b4e77a8d38fb

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting a Qbot family dropper. The nature of dropper documents is to facilitate the download and execution of additional malicious content upon user interaction, typically by enabling macros. This aligns with the common phishing tactic of using malicious attachments to initiate further compromise.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.