Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 bcfc21ca2ff4261f…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: ba3ad5f839831f3245c1d011a54163ab
SHA-1: bfab5b5db798b56a9eba1d24462867c2cf3bf026
SHA-256: bcfc21ca2ff4261faf363bcfe2b79814929935de95d5d058819c43c253dd8ccb
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper disguised as an Excel document. This suggests the primary attack pattern is likely spearphishing, aiming to trick users into opening the malicious attachment and subsequently downloading and executing the Qbot malware.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0