Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 c1e2fc47b71b714c…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 8d6a879cf990c421c15fd60bc4b4e224
SHA-1: 5e13b7f631abf708a6bfd937fb0348288a8fad6c
SHA-256: c1e2fc47b71b714c3f06cfb1bd901dcb2628d175e39d79f02eb9bab3ad245b19
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The Excel format suggests it was likely delivered as a spearphishing attachment to lure the user into opening it and triggering the malicious payload. No further details on the specific delivery mechanism or payload are available from the provided evidence.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0