Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 e8a8b62a4eef9940…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 86f00ded682a9eca6db0584e2733ddef
SHA-1: aa3125739ea58b2c26d25b26942abc7fd16ef37d
SHA-256: e8a8b62a4eef99408f595479d5a512f311d2df4e02e2e3e165461ce340c144b8
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file was detected by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', indicating it functions as a dropper for the Qbot malware family. The Excel format suggests it was likely delivered as a spearphishing attachment, aiming to trick the user into enabling macros to execute the malicious payload. No scripts or document body text were extracted, but the ClamAV detection is highly indicative of its malicious intent.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0