Qbot Office (OOXML) / .XLSX malware analysis — malicious · d1ede405dc877600

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: d7d761a9d264834fe4cfc1a48cc02d30 SHA-1: 6f9387c7e09072174a630536311cb43e116a0d8e SHA-256: d1ede405dc877600a5c373f57864c3d07cc7aef35721bf82ef9abe2ffc15978f

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. This type of file typically uses malicious macros or exploits within an Excel document to download and execute the Qbot malware. Further analysis would be required to confirm the exact delivery mechanism and payload.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.