Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 d2f940a422164c7c…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 018315eb4c54f872b56a2bba8ad67458
SHA-1: 1ebcf1ab6a5dbb600929fefdb961eee1f09483ec
SHA-256: d2f940a422164c7c66965b2862ccca1403770be1ebe019844e3f542f69d6c59b
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

ClamAV identifies the file as a Qbot dropper, indicating that its purpose is to deliver the Qbot malware. The heuristic that fired strongly suggests the presence of malicious VBA or macro code, which is typical of Qbot distribution via Office documents. This points to a spearphishing attachment attack pattern.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0