Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 d5749e6fe9d73642…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: f646162126897b62aa700338643e5304
SHA-1: a27ff76f7cfc20bbe0bd6ae12f2077f02b6ec8fb
SHA-256: d5749e6fe9d73642f3dcc97224e949657092a9f9ded948fb38c66fae0b6fc3ec
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

Static analysis identified the file as a malicious Excel document; a critical ClamAV detection signature indicates it is a Qbot dropper. The file's primary function is to serve as the initial entry point for Qbot malware, a role that typically involves downloading and executing further stages of the infection chain.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0