Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 c0b3a60c4c927a30…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: a58b03c8b2a70c8bf1fa10ba4862a194
SHA-1: f4e719375dd23d08c96b7f70364e157bcae33a52
SHA-256: c0b3a60c4c927a30612a0468c6d3e243e01958201a906b3ef065b2d854a33b6b
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document flagged by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. Qbot is known to be delivered via malicious Office documents, often using social engineering to trick users into enabling macros. The primary function of such documents is to download and execute a secondary payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0