Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 dc7fe68b453eb143…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 82054f7797fb2442d13f0a570721d4f7
SHA-1: 015a2a2a3f4c3dbf7af86b1f0b8f517ac25badec
SHA-256: dc7fe68b453eb1438aeb8773e91930b8a71cbd9dd31c85f5b6a43104d8dd8267
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file was identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating its role as a Qbot downloader. This type of file typically lures users into opening it, often via email attachments, to initiate the download of the main Qbot malware. No further IOCs were extracted from this specific sample.

Heuristics (1)

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0