Qbot Office (OOXML) / .XLSX malware analysis — malicious · e87fe532bdfde2b8

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: d774ef2681a4e31e1a755004fca25600 SHA-1: abc4ea93f04ac88dc34d379c1d8d63619e02c3f6 SHA-256: e87fe532bdfde2b862d2f875de54190312d0d9853fc789c9f7b1ef0337cc267b

60 Risk Score

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious File: Malicious File

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it functions as a dropper for the Qbot malware family. The detection name implies it is an Excel document designed to deliver a malicious payload. The primary attack pattern involves tricking a user into opening a malicious attachment, leading to the execution of the dropped malware.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.