Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 ecae502021575b95…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: cf4914639b8a31ea93730c078ab9e05e
SHA-1: ddae37535bc3d473278f42ae4bc6f00582d7aa21
SHA-256: ecae502021575b9528bd5290c20d35015b44fa09f8633f71bfe007fdb6e5447b
Risk Score: 60

Malware Insights

Qbot · confidence 90%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is an Excel spreadsheet identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. Such files are typically used to lure users into enabling macros, which then download and execute the main Qbot malware. No further IOCs were extracted from this sample.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0