Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 e628faf302b114a4…

MALICIOUS

Office (OOXML) / .XLSX

File size: 23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 9c4c4dd7afbb52da4ff6170443b8d248
SHA-1: 8050f18e549381651656d0e2fdf15141c34ed09e
SHA-256: e628faf302b114a498dfcb4cf3c3f587ac61fb9eb6f65717e0650ca9f8d1df8a
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document that ClamAV identifies as 'Xls.Dropper.QbotDocu12020-9818439-0'. This detection strongly suggests the file is a Qbot dropper, a type of malware commonly delivered via malicious Office documents. The likely delivery method is a spearphishing attachment that tricks the user into opening the document and triggering the malicious payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0