Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ec47498a2d57ba85…

MALICIOUS

Office (OOXML) / .XLSX

23.6 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: 1a7382ffb515d3f5812f6eaca682a41b
SHA-1: 5f036400209857df2604a6686b7c5df9df8dfc63
SHA-256: ec47498a2d57ba853351ff69a3a4b6b3752a7a5eb96b1d12c9ffe552b208fd93
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel document identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The primary function of such documents is to execute malicious code, typically via macros, to download and install the Qbot malware. Further analysis would be required to confirm the exact delivery mechanism and payload.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0