Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 cf6375e57fa55913…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: a6e4e51e3c15fab6149371a801f7509a
SHA-1: d93f11fe3ab0dcf65c3533b1a5ba274db6e435e0
SHA-256: cf6375e57fa55913d6cdd90ab8151d5f4bd5e54e034a4a07e97fd6caefb34462
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The Excel format suggests it was likely delivered via spearphishing as an attachment to lure the user into opening it and executing its payload. No further details on the specific delivery mechanism or payload are available from the provided static analysis.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0