Qbot Office (OOXML) / .XLSX malware analysis — malicious · d616cdfe66993e7e

MALICIOUS

Office (OOXML) / .XLSX

29.5 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 609d5ceaf1e931fcc7b1aff4004cec56 SHA-1: e11722fb34431ef20495b174379e6fd8f6a54380 SHA-256: d616cdfe66993e7e1151d019f09829185de211f49e2f8bf24f88a249c30d1009

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', a known Qbot variant. This suggests the document is intended to act as a dropper for the Qbot malware. The primary attack pattern involves delivering this malicious document via spearphishing.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.