Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 e3cc356e38fdfbb8…

MALICIOUS

Office (OOXML) / .XLSX

Size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 7a01ea538d21fbe1b53a2a49e1c9bcf2
SHA-1: 5358b7b8bd7a1f47e5fe76698b9d23b16f68116b
SHA-256: e3cc356e38fdfbb8bf3a8ef5d618b7ca3177b106aa6433cef65248127b650a25
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The primary attack pattern is likely spearphishing attachment, where the Excel file serves as the initial vector to download and execute the Qbot malware. No further details on specific execution or network indicators were extracted from this sample.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0