Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 cf89c9b58001ed6b…

MALICIOUS

Office (OOXML) / .XLSX

Size: 29.5 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: a3735a0c5c3cc3a7a67232994fe5e4f9
SHA-1: 2d238daf4e3baf5d62acfa9f801548cd055c1d77
SHA-256: cf89c9b58001ed6ba6a27e62e81a0ba2f1abb0d5f0cc63dcfed4cb72e9babaf0
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', a known indicator for Qbot droppers. This suggests the primary function of this XLSX file is to serve as an initial stage for delivering and executing Qbot malware. No further details on specific payloads or C2 infrastructure were extracted from this sample.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0