Qbot Office (OOXML) / .XLSX malware analysis — malicious · dd1247b34995dadc

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 51a23daabc97974e1a8cd5585a8254cd SHA-1: b1b90dd2dd0e2c82bc7e27fb827a2ddea71c473c SHA-256: dd1247b34995dadcfdf2fd80b981292f0d25f3152b9e250ca4a72ba5d82cc6c6

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop further malicious payloads. The detection indicates a malicious Excel document, commonly used in spearphishing attacks to deliver malware.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.