Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 be162e93667f8e2b…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: ea7a588c2483b568b3c5b5bbad4b1d4e
SHA-1: 53768103a0526c1f89bcbc06aabeca2bf70110cf
SHA-256: be162e93667f8e2bd2443faaec363ddd907a5d4c8113f287d89b9f6ebd35eb89
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of file is typically used to lure users into enabling macros, which then download and execute the Qbot malware. The detection signature itself serves as the primary IOC.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0