Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 cf108a4e7a047352…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 04ff347b18a39bd3e464bf9eaf8e7ded
SHA-1: 4bd6706eab77d561843babd8d2cb77ffcf939daa
SHA-256: cf108a4e7a04735271277dd097a0380e676ac427886344541ab134675f6525f3
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document flagged by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot downloader. The document's metadata shows it was authored by Microsoft Excel, and its creation date is old, but the detection signature is recent. No further details on the delivery mechanism or specific IOCs were extracted.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0