Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 d2974ec27b4a1c8f…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 4bd26b7eab574f4bbcbfbf5c9ebfd7a0
SHA-1: c464263d64bd4dcfedfdb99cd6beb4cf4b98a90d
SHA-256: d2974ec27b4a1c8fc89856c741c4675d1c44847d5cd3f2214392cb32a78ec189
60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', which strongly indicates that it is a Qbot dropper: a document whose purpose is to deliver the Qbot payload. No scripts or document body content were extracted for further analysis, but the ClamAV signature is sufficient for attribution.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0