Qbot Office (OOXML) / .XLSX malware analysis — malicious · c9c9c1ec6850ffa9

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 9c2ba19bb28870f8d24f27612ae41935 SHA-1: 4ed476cbfaecb18587d1dec32105ea94f2751b41 SHA-256: c9c9c1ec6850ffa93812b8dd81cdadd3fb9fa4ddd23345d0465fb07c0f1c50c1

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The primary function of such files is to execute malicious code, typically by leveraging macros or exploits, to download and install the Qbot malware. The detection name itself suggests a Qbot-related threat.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.