Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 dfb364eb49e710a9…

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 57c609934b729d89176022ece6a3cc20
SHA-1: 195e6c90b9a90efe54576320de031dc7cd745929
SHA-256: dfb364eb49e710a9b2ec40c7c6ee221f537989d21e668ac46d80b2f56f9a93c5
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The heuristic firing suggests the document is designed to exploit user interaction, likely through macros, to download and execute the Qbot malware. The file type and detection name point towards a malicious Excel document used for initial payload delivery.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0