Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 cf5c37590f101914…

Verdict: MALICIOUS

File type: Office (OOXML) / .XLSX
Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 29aa69af3388fc731c02fcfe35292a1e
SHA-1: ecb0281fec7a979c1d8696f6a0b64be4ac9791ce
SHA-256: cf5c37590f1019142b833d8aae582a2b027f510e8e5f5e40feba9625cbc04157
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates a Qbot dropper. Because the document is an Excel file, it was likely delivered via spearphishing, with the aim of tricking the user into enabling macros or interacting with malicious content that downloads and executes the Qbot malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0