Qbot Office (OOXML) / .XLSX malware analysis — malicious · eb09a3e73e63667d

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: d6eebf32371390cb7926cd16bda6c146 SHA-1: 6a2cb4bec7ec609a60c532045327e696a2e53720 SHA-256: eb09a3e73e63667dba5f3583398315adccad888e8e9e5acd0f1434e64240d894

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it's a Qbot dropper. The primary attack pattern is likely spearphishing attachment, aiming to trick users into opening the malicious document and executing the embedded payload. No further details on the specific delivery mechanism or payload are available from the provided evidence.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.