Qbot Office (OOXML) / .XLSX malware analysis — malicious · bcf47b549793a3f4

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 38297bf405718dab3483bd5d645e3797 SHA-1: 152abb3c94ebcc98dc1ad9fdb276515ca7241a44 SHA-256: bcf47b549793a3f474f9df2d176fa07546e3e2c3f8d566b5afe946a998f3117b

60 Risk Score

Malware Insights

Qbot · confidence 85%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot dropper. Qbot is known to be delivered via macro-enabled documents, and this file's metadata indicates it is an OOXML file, consistent with this delivery method. The primary purpose is likely to download and execute a Qbot payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.