Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 c823da2e96f0874f…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300

MD5: 7d8a220b29c13497b3d9301210d56878
SHA-1: e0e57638d85a7225f67a7e421b74b22c290587aa
SHA-256: c823da2e96f0874ff81aac79bf8bb9e7c05e41a3e2c561005e589d6845c8d3c4

Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file was detected by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. Qbot is known for its capabilities as a downloader and its use in various phishing campaigns. The primary function of this file is to serve as an initial entry point for Qbot malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0