Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 e87db949c47f1ae1…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: e35c63c212c67e5f0076052b8cd17797
SHA-1: 85c9cb96aec168071b0b0d4a2e06a8d302c6828a
SHA-256: e87db949c47f1ae17dd579ad31b5c49e193fd932ad71fdb2eb026319f226f569
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper disguised as an Excel document. This type of file typically uses macros or exploits to download and execute the main Qbot malware. Further analysis would be needed to confirm the exact delivery mechanism.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0