Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 d2d4a772b31467f0…

MALICIOUS

Office (OOXML) / .XLSX

  • Size: 23.6 KB
  • Created: 2006-09-16 00:00:00 UTC
  • Authoring application: Microsoft Excel 14.0300
  • MD5: 8a59ad61402ffd9cd256337e09601978
  • SHA-1: 0ac9a65082a1a74675d37bf3cfed1558c6ae6208
  • SHA-256: d2d4a772b31467f05a0a8a3153960b094ad374cabedb98342de91b0f6fc2d631
  • Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The critical-severity heuristic that fired shows this Excel file is detected as a Qbot dropper. Qbot is known to be distributed via malicious documents, often using macros to download and execute further stages. The file's metadata and detection name strongly suggest its purpose is to deliver a Qbot payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0