Qbot Office (OOXML) / .XLSX malware analysis — malicious · dfa8ba52fad568b0

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 82306229a7d05ee0e1dc7547ef18c64b SHA-1: 1fd93f504f9a16db8eaa73ffa39d2356695873f9 SHA-256: dfa8ba52fad568b0c5e1792c7eddc0f89a5552ff14b6033791f89ef466670f8a

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document flagged by ClamAV as Xls.Dropper.QbotDocu12020-9818439-0, strongly indicating it is a Qbot dropper. The primary attack pattern involves delivering this malicious Excel file as a spearphishing attachment to trick users into opening it.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.